
/biz/ - Business & Finance


No.56399296

Any cybersecurity bros here? Is earning a CISSP still a good financial investment?

>> No.56399326

>>56399296
That completely depends on your prior work experience, what position you're applying for, and where you work. If you have held leadership roles, want to be managerial track, and work in a medium-large enterprise, CISSP will make you more valuable for sure.

>> No.56399365

>>56399296
No, waste of time for me. Also, cybersecurity is a meme industry don't bother. Do DevOps, SRE or coding.

>> No.56399373

>>56399365
Care to elaborate anon? Currently pursuing cyber but am open to the options you listed if cyber truly is a meme

>> No.56399374

>>56399365
I don't enjoy coding but I'm open to devops or SRE. How would you recommend getting into those?

>> No.56399833

>>56399296
Was European Head of Cyber for a top 5 Global Bank and Global Head for a top 3 before 'retiring'. I always told people I mentored to do the following in order : CISA, CISM, CISP, PRIMA. The last one is a risk management qualification as cyber is just that: Risk management.

Loads of technically good people but they don't rise the ranks as they don't understand Risk. CISA will get you a job. Do the others while working. Then aim for a master's in business if you want to go CISO or above.

Those who took my advice are all very senior now. Those who didn't are stuck in tech security roles and will never go any further.

No one cares about security really. It's seen as an expense with no return. Understanding Risk allows you to frame security in a way that allows management not to do it while covering your ass. That's the 101 of any profession with progression if you're not in a sales or product role.

>> No.56399850

>>56399373
Cyber is not a meme. 180k jobs vacant globally at the moment. Devs just hate cyber as we stop their asses from doing stupid shit all the time so they always shit on cyber.

>> No.56399875

>>56399833
By the way what I said above is even more true of Devs. No Dev ever gets out of IT into senior management ever because all they know is coding. Loads of cyber people get very senior if they follow the advice I gave above. I got into cyber in 2011. By 2015 I was European Head and say Director Level.

>> No.56399878

>>56399833
So it's more like a form of insurance than a technical field? Is the tech stagnant, or at the point of diminishing returns?

>> No.56399936

>>56399878
No but little all tech is becoming increasingly automated or outsourced. You can get rid of tech based roles in financial services, where you want to work by the way for best pay and benefits but you can't get rid of management under regulation nor can you outsource.

They are dead end roles and careers. But you have to start there. What I've outlined above is to get you a coveted management role and above.

>> No.56399955

>>56399296
31yo 180k director of cybersecurity services at a small firm. I pretty much run an 8 person team including business development, marketing/sales, and obviously operations. It's been a pretty sweet gig. That euro anon is pretty much right - focusing on understanding risk management, audit and compliance while being exceptional at technical concepts is an easy way to rise to the top.

>> No.56399987

>>56399833
>>56399955
thanks anons. Considering risk management, what brings you guys to /biz/? Banking on another crypto run, spotting something new, or do you spread investments across various traditional sectors?

>> No.56400025

>>56399987
I’m a security director who got into link back in 2017, so I come here to see what’s going on with it and it’s also nice to help anons who want to improve themselves.

>> No.56400048

>>56399833
Hey fag, you skipped the part where you need 5 years of experience for a CISA. Most of us are losers looking to switch into big boy jobs

>> No.56400056

>>56400025
what would you do if starting over today with around $80k in savings? Would you just hold out until you see something as promising as link or invest while there's blood in the streets?
I'm thinking keeping $50k in savings/t-bills and 10k to btc, 10k doge, 10k spread across a few new top 30 coins.

>> No.56400140

>>56399296
security and coding stuff is for femboys, be a man and spend all your money at the casino.
or in some shitcoin, which is pretty much the same thing, I've been with duck race for a long time and I still don't have to sell any part of my body to survive.

>> No.56400174

>>56400048
Retard. You need 3 yrs of work experience to be certified. You need the exam first to get that work experience. You have 5 years to get your 3 years of work experience. I wonder why you have not been hired when basic reading comprehension fails you!!!

>> No.56400222

>>56399987
For me, Euro anon, it's just to track trends in crypto and laugh at the shitcoin shills. I only do Eth and BTC. Made my money already so just sell at peaks and rebuy at lows. I'm a biz counter trader ha ha

>> No.56400227

>>56400056
I’m not a finance guy so my opinion is probably worthless, but in that situation I’d probably still pick up as big a link stack as I could and put the last 10% in cash/tbills or whatever you like.

>> No.56400238

>>56400222
Checked

>> No.56400266

>>56400222
If you were starting in this situation >>56400056 what would you do? curious on your thought process. For me it seems mostly cash/4-week t-bills makes sense and then a portion to stuff likely to bank assuming 50/50 we have another bull run in 2025. If it goes to 0, no biggie, I'll just try something else new that probably pans out within 2025-2030

>> No.56400281

You'll like the idea of cybersecurity. You'll hate the field. You're better off here.

>> No.56400289

>>56400281
>You're better off here.
what do you mean?

>> No.56400790

>>56399833
>Was European Head of Cyber for a top 5 Global Bank and Global Head for a top 3
only thing youre head at was your village public toilet you larping indian lmao

>> No.56402402

Get into pentesting. Get OSCP, OSEP, OSWE and start a blog. Get active on infosec Twitter. Apply to FAANGs. Congrats you're now making 350k doing a casual fun 9-5 with no on-call.

>> No.56404476

>>56402402
Anon I'm grinding tryhackme right now, when do you think I can say that I'm ready to pass OSCP, like what difficulty of boxes should I aim for?
I'm in uni right now and once I finish it I will get vip on htb and grind the fuck out of it.
I know both platforms have oscp-like boxes but the exam changed a little recently, they removed some parts like buffer overflow.

>> No.56405741

>>56399850
lmao this

>> No.56406964

>>56404476
OSCP is like medium difficulty on HTB with a report writing requirement. If you have a bachelor's and an OSCP, work for a consulting firm or MSSP for 2-4 years then jump to a FAANG. Try to do a few conference talks, blog, and be active on Twitter. That's what I did, and it all worked out for me. I've got several team members that only have OSCP making 300k per year.

>> No.56407096

>>56406964
is it common to work remote with these kind of jobs? Currently 100% remote and it's so good

>> No.56407239

>>56406964
>medium
To be fair some mediums deserve to be in the hard category.
>If you have a bachelor's and an OSCP
I plan to graduate and get oscp with scholarship money, I have zero debt btw. Should I bother with anything else or those two will suffice and then I just spam my cv left and right to get the first job?
Thank you for valuable info, it might not apply entirely in my country but so far your experience is very consistent with what I heard from others about oscp and pentesting in general. Wagmi.

>> No.56407325

How does cybersecurity even make it? For penetrating, it seems like you just have to memorize a bunch of scenarios. Every situation seems different. Who can just magically sit there, brute force login and password, check a pathway, find some random date program, set it as a pathway, reboot it to run date program, privilege escalate to find random timer execution program, insert root privilege escalation, and gain root access to find some random flag that’s encoded in 256-salted hexidec convert to ascii convert to rot13 convert to rot 36 convert to text. Yeah I just knew to do all that.

>> No.56407517

>>56407325
Stick with blue team, jobs are more in-demand and universally applicable skillsets.

IRL that shit doesn't happen except nation states. Sally from accounting clicks a phish, or some asshole leaves assets open to the web is how it generally happens.

>> No.56407564

>Have Security+
>No IT experience
>Don't want a pay cut going into an entry level job

Wat do?

>> No.56407598

>>56407564
lmao if you think Sec+ = entry level SOC regardless
Either you know someone or you get your ass into helpdesk

>> No.56407664

>>56407598
I assumed entry level = help desk. Any other certs that can get me in?

>> No.56407694

>>56407664
Sitting in a SOC is direct security work and very hard to land without exp.

IT helpdesk is general IT grunt work which exposes you to principles of security to some degree.

Not really. Certs does not equal job. Some employees like them some don't. Make a github and do some projects you can show off, that'd be the best way to stand out.

Volunteer your services maybe.

>> No.56407725

>>56407694
Shit. Thanks

>> No.56408327

>>56399833
>>56399365
>Do the least minimum of security just to adhere to requirements
That's why I hated this industry.
It never was about securing processes to the maximum level possible to counter attackers and save as many people as possible from harm.
But companies don't want to do more than the bare minimum that regulations require them to, always leaving a shitload of room for attackers and glowniggers to infiltrate much easier.
Especially in the automotive industry, breaches cost lives.
Thinking of the bare minimum as an OEM is straight up evil and greedy, yet everybody operates like that.
You sure can make a shitload of money as a Junior starts at 70k, even in Germany.
But you won't transform the world and will simply do the bare minimum for companies, while knowing which company might blow up earlier than the other.

>t. former automotive cyber security consultant

>> No.56408480

>>56408327
Brother this time in the cycle everyone is just trying to grab what they can get

>> No.56408694

>>56407239
No don't do other certs just jump into a pentesting gig at a smaller company and have them pay for OSWE, OSEP, and maybe some SANS certs. Then jump to a FAANG and try to get an L4/L5 spot. You will be doing easier work than your first consulting job for double the pay, if not triple.

>> No.56408708

>>56407325
Most pentesting at big corps is network pentesting or web app testing on microservices. It's routine but still requires much more knowledge than you're probably aware of. Also, red teaming is a whole different ball game. Very objective oriented and creative. I've mostly been red teaming for years and spend most days writing malware/C2 and whatnot.

Happy to answer any questions, anons.

>>56407096
Yes most work is remote, but a few select companies want you in person but will pay BIG for it. I have a buddy working in person for a FAANG making over a milly yearly as an L5 but he's in person.

>> No.56408847

>>56399374
If you don't like coding cybersec is not for you. The low levels you can get by being the retard police but anything mid level and above will require code review.
>>56399833
This guy gets it. It's a field for salesmen, not technologists.

>> No.56409061

>>56408847
SOC analysts don't review code. Security infra engineers don't review code. GRC doesn't review code. The vast majority of positions in infosec aren't involved in writing or reviewing code at all...

>> No.56409145

will certs, a degree, a secret clearance and military experience help in this field?

>> No.56409206

I wouldn't bother with the CISSP unless you have work experience. you literally have to have 4 years minimum just to get the cert. also don't start it without experience in the field or other certs or you'll be wasting your money probably not passing or understanding shit

>> No.56409207

>>56408847
How do I get into this field if I'm a ditch digger with no understanding of computers? I hate my life and will do anything to be able to support myself.

>> No.56409220

>>56409207
Do you actually give a fuck about tech or just want money? You can do sales for practically anything else.

>> No.56409231

>>56409145
Yes, those all give you a leg up, but it's just way too much shit to do. You have to start out at a shitty low paying help desk job anyway. In this market you could be stuck doing that for years.
Then after someone DOES gamble on you, it's just exam after exam after exam chasing certification after certification. Yeah, this field sure is fun if you just wanna be a high school student for the rest of your life, constantly studying for the next big exam to get that promotion. You'll be doing that shit literally into your 70's

Just learn javascript instead while working at a restaurant or some place with majority women employees. At least you're sexually active while studying. The help desk will make your life miserable

5 years with 20 certs in cyber = maybe mid 100k's

5 years in web dev = 250k+ easily. No certs needed

>> No.56409244

I already passed SEC+ NET+ and cysa+

I've been studying for my cissp now and it's not hard so far on the material and I'm already on domain 5 of 8. It has a ton of stuff from my previous certs already in the material

Why is this gassed up like it's the hardest security exam ever? Do people just skip straight to it and get overwhelmed or something? Or is it just the sheer amount of material that makes it hard? Then again I've never failed an exam so maybe I'm just better than most at test taking

>> No.56409257

>>56409220
It's all the same shit at the end of the day bro. I've done sales before and it's a fucking drag constantly trying to convince people to give you money

>> No.56409262

>>56409244
You'll be fine. It's overhyped and really just the same as any other memorization trivia exam.

You just have to apply the knowledge in a more practical manner than before. People generally just go in unprepared for a certain domain and the test will sense your fear and pepper you with more of the questions.

>> No.56409266

One thing thats great about cybersecurity is a lot of places has compliance and regulations that prevent them from outsourcing cybersec jobs to pajeets

>> No.56409275

>>56409257
Sounds like you might need to work out a good balance of what you're good at and what can make a good living to fund your life.

Don't fall victim to the radio ads of cybersecurity = 6 fig job in 6 months.

>> No.56409282

>>56399833
makes sense.
business people have always been the true kings.

>> No.56409316

>>56409275
Do you think it's worth getting all these certs and experience if I already make 6 figs working remote? I'm in quality assurance and just have a Sec+ and IT bachelors. Not sure if i should just cruise this unicorn job or if the extra pay is really worth it

>> No.56409341

>>56408327
You're right mate. You as you probably know just have to tell them the truth so you have your arse covered by showing them the risks etc. That's your job. It's up to them to do it or not. To be honest that's why I focused hard on jumping ranks. Easy more influence. Also using audit to your advantage is something I recommend but be clever in doing so

It's also why I recommend risk management with business courses. Cost Benefit analysis which most security people are crap at is your best friend in this game. It will cost you X but save you Y is where you need to be really smart with hard costed and measured figures that are tangible and testable

>> No.56409349

>>56409316
Cruise it and have your company pay for certs as a backup plan. I don't think you'll get that big of a jump than what you have now. PMP might be good as well.

>> No.56409357

>>56399296
This is a finance chads board. Maybe go ask on the computer nerd faggots board

>> No.56409358

>>5640906

>>56409061
SCA is all automated now. DCA is still manual. But to be honest DCA is pen testing code anyways so a specialist security role.

>> No.56409372

>>5640914
>>56409145
I'm the Euro anon from above. Most senior cyber guys in financial services anyways are ex glowies. I've worked with guys who are ex MI5, MI6, NSA, CIA, Airforce Intelligence, DEA. etc etc.

Is it an advantage? If you're an officer yes. I was an ex soldier so it helped build trust. But to rise the ranks you still need to be able to play the game

>> No.56409382

>>56409206
I did CISA, CISM and CISP exams within 18 months. The work experience you can use across all three certs. In my view, Euro anon from above, get the exams finished quickly and focus on work after. Exams help to get CVs selected for interview but not much else

>> No.56409385

>>56409349
thanks, yeah seems like just being patient with crypto is the best bet at real gains. After making 6 figures and working remote, seems like a waste of time dedicating more time to the modern employment system

>> No.56409397

why is it that euro cyber jobs pay a fraction of what US ones do?

>> No.56409399

>>56409207
>>56409382
This apply to me as well?

>> No.56409415

>>56409399
Nay, those exams need documented work experience

>> No.56409433

>>56409397
Not true mate. I was earning 7 figures in USD. It depends on which country. Ireland pays top dollar cause of all the FAANGs, Crypto and Major FS companies have their Euro Headquarters here. 70% of the world's hedge funds and associated admin and fiduciary companies are here. You just have to be willing to sell your soul and realise no one cares about security and only do it if they're forced to by a competitor or regulator or major hack

>> No.56409452

>>56409399
Yes. my background was Audit and accountancy before switching to cyber. I've worked with lads as diverse as ex salvage drivers, brick layers etc who got into the field. But you will need smarts

>> No.56409464

>>56409415
No the exams do not. The certification does not you need the exam first and then the work experience to get certified

>> No.56409474

>>56409464
Is there like a school to work program or am I on my own as far as finishing certs then finding work. I honestly don't know anything about this field so would even know where to apply

>> No.56409497

>>56409464
Yes you are correct, you can take the exams. But this guy is a ditch digger with no IT experience.
>>56409474
Bro, you ain't doing any of those exams without having an understanding of computers. There's no shortcuts here. Closest thing that might be a value play is WGU. 4yr and certs on top.

>> No.56409528

>>56409474
You do the exams first mate. Start with CISA. It's the easiest of them. It costs about 800 USD all in. Only pay for the exam and the question and answer database. Ignore the books they are shit. I practiced that QA database every lunchtime Mon to Fri and that was it for three months and came third in the world with no tech background but I've always been a good exam guy. A lot of the tech guys I was working with failed it first time around funnily enough

>> No.56409534

>>56409497
I had no tech experience when I did my CISA see my story above. You do need a passion for the topic though and general smarts

>> No.56409539

>>56409497
I already know about wgu that shit feels like one of those “colleges” they used to advertise

>> No.56409566

>>56409528
Thanks bro. Anything else i should know off the top of your head?

>> No.56409567

>>56409528
>>56409534
I respect it, but disagree with the approach.

You obviously have the smarts for it, but asking newcomers to take some of the harder exams, which they can not even list on their CV for 3-4 years is a bit absurd you'd agree.

The dude needs formal education or entry level experience. What knowledge from the exams could he possibly apply or even demonstrate with no work exp during the interview?

>> No.56409604

>>56409567
Fair enough mate. We can agree to disagree. I can only share my story. Did CISA with no background. Once I passed the exam I went only for low level contract roles where I had to learn quick or get fired quick. Did the other exams over the next 12 months and built a reputation as a solid contractor.

but, I did have an audit and accountancy background at a senior level before that so I understood controls, Risk and business so that did help and eventually is what helped me rise up the ranks so I'm not saying everyone can do it.

but as I said I worked with ex brick layers and one guy who was an ex salvage diver and they did ok doing a similar route.

>> No.56409619

>>56409566
I would recommend going to brighttalk dot com and watching as many cyber security talks on there as you can. The most difficult thing at first is understanding the lingo. Brighttalk is like a tech/cyber TED talk site but with some sales shit thrown in. Getting comfortable with the lingo is half the battle

>> No.56409628

>>56409619
These are good as well as sans dot org
Look for their free webcasts and summits

>> No.56409666

>>56409619
I've been paying attention to defcon conferences and social engineering stuff here and there but haven't gone a full deep dice into the industry as a whole.

>> No.56409676

>>56409666
Dive*

>> No.56409721

I make 140k as a cyber product manager, how long would it take to make 140k+ if I made the switch to being a cyber drone?

>> No.56409729

>>56409666
You'll need to put in a few hours a day on those two sites myself and the other anon recommended. Start to understand the lingo. Start to get a feel for the area. Decide if you have an interest and passion for it. If you don't, no job with money will make you any good.

It's also one of the few jobs where continuous learning is actually required. Zero days, i.e. scams and attacks no one has seen before are a regular occurrence. What you know today could be obsolete in 5 years.

if you don't have an interest or passion the continuous learning alone will kill you.

Also just the talks on the sites to decide which field of cyber you like best, GRC, audit, pen testing, Network Security, Cloud security etc. Pick one and tailor certs towards that if you want. CISA has a little bit of all hence I recommend it for a starter for 10

>> No.56409735

It doesn't feel like any certification is a good investment 2bdesu. Unless you have a bro on the inside who can get you in, everything seems to be a waste of time and money and you're better off just grinding.

>> No.56409768

>>56409729
Okay thanks
>>56409735
The grind is a meme. Don't be like me and waste time. It's fun to have a shit job and grind in ur 20’s but it's not cool anymore to be in your 30’s and doing the same shit.

>> No.56409785

>>56409768
Best of luck anon. It's all possible but it takes work and dedication. Be willing to do that and you can make it happen

>> No.56409822

Holy fuck at all the 3rd world street shitters in here. Anyone in here needing advice from an actual Technical Director of DevSecOps who started as an intern, just follow these steps over the next 6 months to go from 0 to entry level (this isn't for eurocucks or villagers)

Pre step 1: have a degree (any degree)
1. Learn how to navigate a terminal in Windows/Linux
2. Learn to script in powershell/bash/python
3. Study for and take Security+/CySA/Cisco CyberOps entry level certs
4. Look for associate security engineer roles at Fortune 500 companies (literally Google the list and search their careers page for the role)
5. Find a recruiter for that company and reach out to them on LinkedIn.
6. Rinse and repeat steps 4/5 until you get a job.
7. Once you have an official cyber security role, spend the next few years learning the various roles cyber has to offer and find one that really interests you (stay away from soc analyst and incident response if you like free time. Vulnerability Management is one of the most chill roles along with GRC).
8. Make your company pay for a master's degree at WGU or similar degree mill school to checkbox it
9. Get the CISSP if you want to be a manager, or get additional technical certs if you want to be Senior Staff/Principal one day.
10. If still at the Fortune 500 company by this point, attempt to job hop into a higher level role either within the company for a different segment or go to a competitor.

Congrats, you're now most likely making $250-350k base after 5-7 years of not really contributing much to your organization(s).

>> No.56409828

>>56409785
What entry level positions do you recommend? I'm not sure of the career path. I'm reading plebbit and they recommend getting a help desk job. Which I'm fine with as long as it pays more than 40k.

>> No.56409833

>>56409828
any tech related jobs help as a stepping stone, but generally "information security analyst" or "security analyst" are the lowest level ones you should look for as somebody getting into the field.

>> No.56409836

>>56409061
the low ones, no, but if you aren't dealing with code (either writing exploits, confirming exploits, or patching exploits) then you're just a trained monkey and there are billions of people who can do the exact same thing. Ask me how I came to this sad conclusion.

>> No.56409879

>>56409828
I focused on contract roles at first in as many diverse security areas I could find. Access management is a good starter. Easy to learn and understand but boring. I moved then into GRC, SOC and security architecture. Each next contractor role should be a stretch role. Find what you excel at and take it from there. I landed on GRC as it suited my audit and tech background and had people like that Tech Dev Ops guy work for me within 5 years

>> No.56409932

This field sounds like a bitch. Advertisements for jobs and TV shows/film always paint it as this prestigious job with great benefits and amazing salary with limitless potential but when I look at personal written pieces and indie YouTube videos, every Professional says you make chump change compared to your peers in different fields, are the least respected in the company, the most stressed out, etc.

Who's lying here? The professionals or the people making this look like the hottest shit on the face of this planet? Also, do you need clearances for private companies? Like commercial ones, not gubberment because if so that's stupid. Getting all these certs and experiences then being cockblocked by that and office politics must be complete hell

>> No.56409935

>>56399296
It's manager tier and will guarantee you stay a worthless middle manager who can't actually do anything on a keyboard but you can throw big words about risk in front of the CFO.

>> No.56409940

>>56409935
at the end of the day if you're making 250k+ who gives a fuck?

>> No.56409959

>>56409879
Can you answer this >>56409932
And is the job stressful? I'd rather do anything else like webshit if I can have peace and good money.

>> No.56409961

>>56409932
they are promoting it to lower salaries, like they did for programmers with "everyone can code". Security is not for any fucking retard with no direction in life to suddenly make 6figs.

>> No.56409975

>>56409940
because those people are the first to get cut during a downturn. >>56409935
is right, you are a glorified project manager.

>> No.56409988

>>56409975
big companies will NEVER cut cyber security.

>> No.56410040

>>56409959
All I can say is I outlined the path to go easy beyond cyber in rank and how to do it. Getting stuck in any middle management job is soulless.

like all jobs it can be stressful but it's excitable stress if you like that sort of thing. It's like modern cops and Robbers with retards getting in your way

>> No.56410147

>>56410040
how much money were you making at the director level? The one said you got to in 4 years?

>> No.56410188

>>56409988
It's literally the first thing to be cut because it's a liability and not a revenue generator. Companies generally want to spend only as much as they need to for compliance.

>> No.56410411

>tfw my comfy mid-paying STEM career never gets mentioned on /biz/, /sci/, or /g/
>never have to worry about midwits flooding my field of work and lowering wages like techfags do
It still feels like I’m missing out and I feel like I’d have a knack for reverse engineering/malware analysis as well as low-level OS shit. Is it worth career-hopping for that subfield in particular? How long would it take to self-learn and git gud at? I have 0 interest in pentesting and other common secwagie shit.

>> No.56410514

>>56410040
>I outlined the path
Sure but you outlined a path for your time.

These things always change.

For instance, just 20 years ago you could have told someone to just do a PhD to become a professor and earn an easy 300k + tenure + retirement fund

And yet if someone attempted to start to do that just 15 years ago they'd be FUCKED trying to become a prof after having dedicated years of their life on this so-called outlined path

The truth is no one knows the path to anything right now because no one knows what will be hot years from now

Oh and to all the stupid faggots saying to just do the Cisco those jobs now start at under 100k so you're unironically better still doing the learn-to-code-meme

Fucking lol

>> No.56410528

>>56410514
Tldr don't trust ANYONE in life who says something like
>I know exactly what you should do to accomplish your goal

I mean for fucks sake this should be obvious enough to all you here in a fucking crypto forum but I'll spell it out for you retards anyway

>> No.56411553

>>56399833
I took a course in cybersecurity to attain my security+ cert and maybe I’m too dumb or lazy but I felt like I was getting cancer every time I tried to study and learn about the field.

I can’t understand why because I program on the side and very much enjoy that, but all the thousands of acronyms just made me hate the field even from the first day. I wish I liked it especially as a programmer but it just felt dry and arbitrary like all the rules and processes were just made up by a bunch of pencil pushers who have no understanding of how humans respond to information input.

That said I wish I could have enjoyed it enough to get my foot in the door (I even broke open my notes after reading your posts) but between it being 99.99% Indians and the acidic nature of the subject matter I can’t see anyone enjoying doing this even for the relatively large salaries it can command.

>> No.56412106

>>56399833
I am in product, what's my progression to c level?

>> No.56412160

>>56411553
You may enjoy cyber psychology then or GRC. plus Security + is pointless. Lots of pajeets alright but they are 99% useless so you usually end up managing them which is a passion in itself but on the flip side you get to fire them

>> No.56412167

>>56399296
cybersec is a fking meme unless you're working at the NSA or one of the top companies imo

>> No.56412179

>>56410514
Mate. The path I outlined still works today. Cyber, Risk, Business qualifications in that order. Then the rest is up to you. I only retired this year and mentor people who this path still works for. But you have to be smart and learn to play the game. Find someone senior you can learn that from and you are golden

>> No.56412190

>>56410147
It was Director Level but all Head of 27 countries in Tech and cyber for a global top 3 Bank so between the entire packet, salary, pension, bonuses etc it was 7 figures in USD. But those roles are few and far between. At that level you are devising strategy and risk management plans. It's a different skill set and where you are rarely involved in the day to day which you expect your country and department heads to manage

>> No.56412198

>>56410188
No. First thing to be cut is anything that can be outsourced. That's why I recommend FS or Pharma for cyber roles. Regulation says you can't cut cyber even if they would like to. Also cyber audit and cyber risk tend to be safer than first line of defence roles due to the specialties being rarer

>> No.56412199

>>56399833
>>56399875
Thanks anon. What if I'm already a dev should I just go for certs? I've been thinking about the cissp for awhile.
I'm not even a real developer, officially I'm on the QA team with the specific focus of security. There's no shortage of security issues I find but I feel like a bit of an insider and wouldn't mind transitioning to a real security role.
Thing is I make $150k and am senior level so I feel sort of stuck and don't want to start over as a junior somewhere else in a different role.

>> No.56412210

>>56410528
Ah ok. Go solo without any advice
>>56412106
Do you have risk management or business skills. Do you understand budget or strategy. Can you devise strategy and implement it at department, Country or regional level? That will answer your question

>> No.56412227

>>56399875
Dumbest shit I've read all day

>> No.56412231

>>56412199
Try doing CISA, CISM and CISSP. The work experience for the certs is transferable across all three as is the CPD. Do you like finding issues in Code? If so the pen testing route may be for you. Many find that they enjoy the architecture or GRC side as well once they start studying it.

It's up to you to really decide if you're comfortable or not and maybe want to take a step back for a year to break into a new field for longer term goals. If you're happy where you're at and see a future path. Stick with it.

You would still earn decent money if you switched but overemphasise the security aspect of your current role on the CV

>> No.56412247

>>56399296
You'll never make it big in cybersec unless you have an innate talent for it and taught yourself everything that's in these courses by the age of 16. You need an in depth understanding of a lot of low-level concepts like CPUs, kernels, networks. Not just knowing how they work, you must be able to manipulate them. Certs only scratch the surface. It's the toughest IT field to be really good at.

>> No.56412252

>>56412227
Ah a dev. Of course you think it's dumb. You're also dumb enough to think yourself an artist while being herded into scrums everyday like cattle and putting passwords in plain text in your code, posting your code on open forums and putting backdoors in for easy access all while thinking you're a genius.

Of course you won't get it

>> No.56412258

>>56412247
Not true mate. You're specifically talking about pen testing or cloud there. A cyber risk, audit, GRC, architect etc never opened a CPU or kernel in their life

>> No.56412285

>>56399365
I mean ur not wrong but why u gotta spoil it for everyone. I like when the market is under saturated as a devops myself

>> No.56412292

>>56412258
yeah, most cyber security "experts" are useless office drones

>> No.56412302

>>56412292
im okay with that. its better than digging ditches with paco.

>> No.56412335

>>56409316
>>56409385
Kek are you me?

>>56412231
It can be rewarding and I also like not being on call and not in a cost center. I didn't realize there were such high paying pentest roles. I guess I just don't want to get stuck somewhere that I'm valued solely for my work output which most pentest and dev jobs are.

>> No.56412484

>>56412210
Thanks. I was planning an MBA. Don't know if that's enough for risk management. I am in tech but not security.

>> No.56412688

>>56412179
>I only retired
>>56412210
>Go solo without any advice

Doesn't surprise me at all that your boomer brain is unable to comprehend what I wrote.

Day of the pillow nears

>> No.56412698

>>56412210
Also
>29 posts by this ID

Holy shit this boomer is lonely as hell

>> No.56412730

>>56412698
This 17 year old is big mad

>> No.56412772

>>56400289
You're better off here trying to make a profit than starting out at some shitty business to propose any sort of project and not get anything approved, which leads to breaches and people falling for phishing emails in almost 2024 and you'll end up getting the blame.

Also, you'll find that everyone in a given workplace seems completely dead inside and is generally non-responsive to any stimuli.

>> No.56412792

>>56412772
tl;dr: It's much more fun to play with networks and Kali with your own home systems than be forced to watch videos about expensive solutions your company wants to implement because they don't know how to secure databases.

>> No.56412820

>>56412792
As final advice, get the cybersecurity skills "ghetto-mode" for your own amusement or use. Just don't get a career on that.

>> No.56413503

>>56400140
why do faggots always interject with zero contribution just to poz the convo with their gay fantasies? kys
>>56402402
No one starts off with an OSCP, this is a proctored in-person exam for seasoned hackers.
>>56406964
Curious what your co-workers were doing before OSCP, it's hard to imagine people being hired into that as their first role without serious dick sucking/nepotism
>>56409231
>javascript
I hate that this is still a top tier language for web dev jobs, we will never escape
>>56409822
>have a degree
anon you missed the point of the thread
>>56411553
if you like building things it makes sense that you would glaze over at what is essentially an administrative roastie job/low level cybersec repoooorting

>> No.56413853

Based thread. My company announced layoffs recently so I think I'll study up and take the OSCP so I can formalize the job I already do.

>>56413503
>if you like building things it makes sense that you would glaze over at what is essentially an administrative roastie job/low level cybersec repoooorting
There is definitely a battle between useless paperwork and actual security. There are 10 tiers of people who all exist to forward reports up the chain. They want you to spend all your time generating reports from 10 different tools that all do more or less the same thing. Act like every little thing is critical not understanding that 99% of new CVEs are only relevant on shared computing environments. Meanwhile the application is riddled with bugs that aren't public CVEs. If I'm going to do the faggot PMs job I want to get paid for it.

I sometimes wonder if I should try to pivot into /cyb/ sales including even insurance.

>> No.56413973

>>56413503
>No one starts off with an OSCP, this is a proctored in-person exam for seasoned hackers.
OSCP is by definition an entry level penetration testing cert. It just seems more difficult because shit like CEH and Sec+ are braindead easy, as are most professional certs across most fields!

> Curious what your co-workers were doing before OSCP, it's hard to imagine people being hired into that as their first role without serious dick sucking/nepotism
Most were doing some type of SOC analyst work, appsec, or in my case, generic security engineering (SIEM work).

There are a ton of lame ass reporting/sheep herding cybersec jobs but also tons of highly technical skilled professions such as:
- Malware reversing
- Pentesting/red teaming
- Threat detection engineering
- Threat intelligence
- Incident response at a good company

>> No.56413996

>>56412335
>Kek are you me?
yea it really doesn't seem worth all the extra effort just to get a few pay raises that won't really change your life. Probably better off just cruising an easy remote job, stacking crypto and pursuing your actual interests

>> No.56414071

>>56413996
I'd like to work for myself somehow, remote jobs are comfy but you still have layoffs, shitty/stupid colleagues, and stuff hanging over your head. But it seems so unattainable with my skillset. Especially with the legal ramifications of pentesting. Web3 security is a bit more wild west and the bounties are not as diluted as Web2.
Maybe I can make my own software or fuzz tester or something useful.

>> No.56414110

>>56413973
Is there even a point in getting net+/sec+ if you can hack OSCP? Will anyone touch you with OSCP but no bachelors?
>SOC
Can you get into SOC from a NOC position? I've been contacted for NOC roles that wanted to hire me just because I put "linux terminal" on my resume

>> No.56414126

>>56412772
>You're better off here trying to make a profit
here as in /biz/ tracking trends in crypto and selling at peaks/rebuying at lows? or just going for the money in tech working the easiest job possible? So far I'm pretty much doing both of these kek. I actually did get a degree with an emphasis in "cyber", so all the courses were full of setting up networks, kali linux hacking simulations, reverse engineering malware etc. It's cool and all but I rather just make some dope music and shitpost instead with my free time

>> No.56414132

>>56412292
There's a lot like that, I don't disagree, but if you can bring technical as well as the other skills I spoke about you'll move up the ranks quickly precisely because of that

>> No.56414157

>>56412484
Risk management is transferable to all roles basically. Make sure your MBA has a high focus on strategy, risk, budget and cost benefit analysis. You need that for C level. A distinct risk management qualification such as PRIMA helps for Director Level roles as well

>> No.56414172

>>56412688
I'm late Gen X mate and retired through making money in Crypto, selling two businesses and making a lot of money in my career. You still live in your mom's basement looking for shitcoin gold. I laugh at people like you

>> No.56414179

>>56412698
Nope not a boomer plus retired from wealth. beyond your comprehension I know. Also you have plenty of time to read and count my posts. Are you employed fag?

>> No.56414207

>>56413853
Why don't you consider setting up your own hack firefighting service. I did before I retired. You can charge top dollar because as you said most people don't have a clue and don't know what to do.

>> No.56414239

>>56414110
I would say get net+/sec+ before OSCP just to have some basic security foundations. I know plenty of people who went from a NOC to a SOC. If you're dealing with firewalls, linux, etc. in a NOC your skills are very desirable.

Tons of MSSPs are hiring total moron kids out of college with no experience and useless educations into SOC roles starting at 70k.

>> No.56414261

>>56414071
>I'd like to work for myself somehow
every issue you stated for remote jobs is magnified tenfold working for yourself.
>layoffs
you're very subject to market conditions. Without a ton of bankroll and time, you'll probably shut down
>shitty/stupid colleagues
you're going to have deal with really shitty clients, scammers and people telling to fuck off all day every day with your marketing. Clients will also dictate your entire schedule and life if you actually want to make money
>stuff hanging over your head
you'll always be thinking you could do more. Can't ever really "rest".
But I'm also like you where I still want to do it. I've tried actually making a few software apps and an agency for B2B related to my skillsets and it was so much money and stress, didn't pay off at all. I'd only try again if I recognized a legit advantage in something new. Like Bezos with Amazon or McAfee with antivirus etc. Otherwise I'm just gonna enjoy life and be patient with the markets to throw extra funds towards

>> No.56414285

>>56414239
But MSSPs are soul destroying to work in and you're treated like a slave. It's ok for a start but get out as soon as you can

>> No.56414327

>>56414261
If you develop apps and don't like the business side or risk just sell them to a larger company and get royalties. Less money but less hassle and risk

>> No.56414387

I lead a pentesting team and have osce3. I'm considering studying cissp and just taking a comfy management job. how many hours of study would it take me to pass cissp?

>> No.56414390

>>56414207
>>56414261
>hack firefighting service
That's the dream. Because I'm not in a pure security industry right now I'll fuck up not knowing certain business aspects, not knowing Active Directory, and also a good bit of imposter syndrome - do I really know how to hack or am I just a fuzz tard.
I think I can overcome these obstacles and I mean in your hack firefighting example it's really just
>take offline
>(optional) pay ransom
>collect logs, dump state for analysis later
>reformat
>spin up new services
>restore backup and data recovery

Really appreciate your good advice and inspiration anon.

>> No.56414545

>>56414390
Honestly mate everyone and I mean everyone feels an imposter at first. Unless you're a psycho that's normal. What you outlined is the basics of it. What you're doing is making sure the insurance gets paid out and limiting damage so chain of custody is key. Know where you're strong but more importantly where you're weak. Try and find a partner who plugs your weak spots, not a mate but a true partner who's as hungry as you are

What I did was contract in that space for about two years. Got known across a number of firms. Made sure to keep in contact with key players. Made sure I was known for quality work and then let everyone know I was out on my own and I'd beat any other price they got.

Best of luck with it!

>> No.56414567

>>56414387
If you're looking at management why not CISM. Easier than CISSP and it's for security management

>> No.56414577

>>56414239
I am a 30y/o boomer who got an associates degree in high school and shunned college afterward, luckily gen z is incompetent and I can at least interview better than them (if I get past HR screening for having no bachelors degree)

>> No.56414850

>>56414172
>38 posts
>I'm late Gen X
>>56414179
>Nope not a boomer
Stfu boomer
Say hi to your caretaker tyvon

>> No.56414864

>>56414387
Based fellow OSCE holder. Wanna start a contract pentesting firm full of bizlets?

>> No.56414914

>>56414179
>you have plenty of time to count my posts
You have to go back boomer. No one is listening to what you wrote. You took time and wrote all that boomershit and literally no one here is falling for it. Just leave.

>> No.56414934

>>56414864
You need a minority founder and you will roll in fed contracts. I am not joking about this.
>t. oscp

>> No.56414949

>>56414179
Oh but before you go what do you hold in crypto? Just BTC? Or just BTC and ETH?

>> No.56414995

>>56414864
>>56414934
the founder can just say they're a tranny who believes BLM

>> No.56415053

>>56410188
>cut cybersecurity
>get hacked for 250 billion
>bbc dildo pix all over the main website
>brand is destroyed
>>a-at l-least we saved 1 mill for laying th-them off

Lol

>> No.56415106

>>56414850
I'm also not an inbred mutt like you zoomer
>>56414949
Both in favour of Eth mate. Not saying they are the most lucrative just safe.

>> No.56415528 [DELETED] 

>>56415106
>Both in favour of Eth mate
Thanks. As far as boomers go at least you're one of the better ones. Ok you may leave now.

>> No.56415578

>>56414157
Thanks

>> No.56415891

>>56415578
You're welcome mate. Best of luck with it

>> No.56417227

>>56412252
lmao, so much hostility from this little faggot for someone calling his shitty take dumb. Go spread your larps somewhere else, you glorified exam-memorizing monkey.

>> No.56417351

>>56417227
Yawn baby poor boy

>> No.56418441

Cybersecurity is for losers that couldn't become software engineers, anything else is cope

>> No.56418451

>>56417351
>boomer is still posting
Holy shit you really are lonely

>> No.56418452

>>56418441
software engineering is for losers that couldn't become professional athletes, actors or rock stars/rappers, anything else is cope

>> No.56419038

>>56418451
Didn't see the irony in his own post. Stalks me, counts my posts and comments continuously. You really are a Muppet but that would insult the intelligence of a Muppet

>> No.56419049

>>56418441
Software Engineers will be made obsolete by AI. Cyber guys no as regulation requires them. Enjoy that UBI mate

>> No.56419135

>>56419049
cope #1, that was easy

>> No.56419400

>>56419038
>counts my posts
Hey, I was a newfag too once so let me help you out old chap!

Click on the ID of a user's post and you, too, can count the number of posts that user has made in this thread! Voila! You're a faggot! :-)

>> No.56419421

>>56419038
Oh also I had to google what a Muppet is and holy shit you really are an actual boomer

Day of the pillow!

>> No.56419422

>>56419400
That's called stalking Pajeet and I know you're a street shitter since you only stalked me over I shit on the pajeets. Now go eat your poppadoms

>> No.56419431

>>56419421
Even worse a zoomer Pajeet ha ha

>> No.56419970

>>56419422
>>56419431
Keep going your post count is almost as high as your age!

>> No.56419991

>>56419970
which would make his advice more likely to be true and accurate.
youre laughing at autism. but acting more autistically when given decent info is the literal ONLY way to stay dumb.
make a choice anon. yeah 45 posts says volumes about him. but your words speak volumes about you too.
get better. I look forward to talking with you when youre a more enlightened being. you have potential.

>> No.56419997

roll for 9s

>> No.56419999

>>56419997
FUCKING USELESS CUNT. You had one fucking job.
The absolute state.

>> No.56420007

>>56419999
Looks like you got what you wanted anon.

>> No.56420012

>>56418452
Sad but true (except for the rapper part, what the fuck :DD)

>> No.56420032

>>56419991
He might actually be an older gentleman who got lucky and is now on top of the world, many such cases. I'm not saying his advice is wrong but I'm also saying that he clearly has the Dunning-Kruger old man version where his opinions are the absolute truth :D with a grain of salt there is much wisdom to be found.

T: have older relatives who match the profile

>> No.56420034

>>56420007
could you kindly check them for me young one?

>> No.56420049

>>56420032
you aren't wrong.
but like those relatives, that vitriol behind having to force his message comes from trauma.

The lessons were hard, either for him or for those he saw fail. Now he's giving it for free and being spat on.

Not saying that his way is best and that no alts were discussed. but his advice was sound.

make a roadmap. find a way to broaden your foundational industry knowledge or become obsolete in a niche.
Part of the other thing as well. it's not all luck. yes it's a factor. but it's a factor that is multiplied by the work value and the efficient work value applied to it.

>> No.56420050

>>56419999
based and leadbyexamplepilled

>> No.56420053

>>56420050
oh it's samefag. correction: based and radicalaccountabilitypillit

>> No.56420062

>>56399296
Ive been working with firewalls for 10 years, all self taught. Juniper cisco watchguard sonicwall and now Palo Alto. Im full time in firewalls contracted to a state gov (so they can blame me if they get hacked) dont know fuckall about computers but I know TCP pretty good. Cissp good for me? Mid 40's years old.

>> No.56420068

>>56420049
Yeah. The amount of butthurt in this thread is pretty impressive. But what he said about the career growth aspect is also something that seems to be very unclear to many – or it might just be that some people enjoy their jobs and not everyone wants to be in management.

And of course it's not purely luck, but I also know many people who work harder than me but have less success. Or maybe I just am one of those rare elite humans who just wins because of his superior merit? God only knows.

>> No.56420076

>>56420053
based and candourpilled.

>> No.56420118 [DELETED] 

>>56420068
>many people who work harder than me but have less success
thats sort of what I meant by the efficient work value (preparation) meeting luck (opportunity).

But even against the dice roll. on snake eyes, the smart work and the hard work are the delta. luck is a constant. you are the variable.
in the hindsight of fate, working as hard as possible in the RIGHT direction has to be the way forward for optimal results.

but its on a spectrum. like ourselves.
the most "powerful" personality type is the narcissistic sociopath. the one who can know exactly what they need and are callous enough to allow nothing to stop them.

real humans can't live like that. so we must find where we sit.

I think part of why there's desperation in his message is due to that fact that HE knows HE could have been more if only he'd applied more of himself, in a more correct manner when there was opportunities.

there's a lot of adhd bots that seem to trigger crowd judgments here lately.

since there's a thinker or two on the end here. has anyone taken a look at the t+1 playbook? (just for a different finance related topic) I'm struggling to find decent enough brains to comprehend it

>> No.56420190 [DELETED] 

>>56420118
Very refreshing to read longer posts every now and then. And googling t+1 right now, haven't been very active in this field; been busy with the retard capped development ":D"

>> No.56420219

>>56420190
delete this if you could.
the first few results are all you need.
if it looks right it is right.
it's too early to let it grow here in my opinion. I fucked up by sharing it. im saging myself

>> No.56420231

>>56420190
Well, a bit too heavy way to start the weekend :D

>> No.56420238

>>56420219
Kek :D secret club right there

>> No.56420272

>>56420219
chainlink?

>> No.56420279

>>56420231
there's a bit of info in that book.
search for dematerialisation. (maybe with a z)
I think it appears once.
should be about 185 pages or so?

>> No.56420288

>>56420238
password?
>>56420272
actually chainlink is involved way down the line. this info however doesn't relate to chainlink specifically nor especially.
Token not needed but its a cool sandbox potentially?