Tech Industry
Yesterday
1909
1 vs 5 Million - no lifestyle change
Tech Industry
2d
26763
How did this happen? (Meta Stock)
Tech Industry
Yesterday
1703
Lack of diversity in engineering division at X
Tech Industry
Yesterday
2469
Tech companies to avoid as a white guy?
Tech Industry
Yesterday
770
Is now a good time to join Meta?
Hi everyone, Currently, I am unemployed. The next job I want is Security Engineer or Application Security role. Ultimately, I want to become DevSecOps I don't have experience in Cyber Security. I have done bootcamp with Level Effect. I am enrolled in Udacity Cloud DevOps Program: https://www.udacity.com/course/cloud-dev-ops-nanodegree--nd9991 And 100 Days of Code: The Complete Python Pro Bootcamp for 2022 on Udemy: https://www.udemy.com/course/100-days-of-code/ I am considering these next programs and wondering if these programs are enough to get the roles? Security Engineer at Udacity: https://www.udacity.com/course/security-engineer-nanodegree--nd698 TCM Security Program: https://academy.tcm-sec.com/ #cybersecurity #securityengineer #jobfit #jobhunt #applicationsecurity #jobs #interview #security #it
What is your experience? Have you spent time as a software engineer or similar? Security Engineering is not an entry level job, and without prior security experience you will need to demonstrate some skills in building things that you are going to be tasked with securing.
I have 4 years experience as IT Service Desk Analyst. 5 years experience as independent contractor. I did look at SOC or NOC roles but I am not interested in those roles. I love dealing with deployment, maintaining and troubleshoot virtual environments. At my previous job, I use to work with our Senior System architect in projects creating new pools within VMware vsphere and mitgrating users data from one VHD to another VHD
That’s something! It’s true that the natural path from IT support is to SOC but if you don’t like it then I’d suggest gaining some experience with cloud, Jenkins, GitHub. Try to create your own test lab. Even if you create some CI/CD process for your small application, hosting it in cloud, and follow cloud security best practices - this is some experience already.
for appsec roles try getting the basics of how things work Example- Networking - common protocols like tcp/udp, icmp, dns, dhcp, smtp (these might not get asked on appsec interviews but it will help you become a better at security) Crypto - Read about TLS how it works (what each things mean in a ciphersuit), Hashing (md5,sha,bcrypt,argon2) Starting writing some code if not already written, there are some very good beginner friendly python books which are security focused just google search python security books Try some webapp related challenges , there are really good labs available these days Apart from that try reading the code for small projects & check if you are comfortable reading and understanding the code as this will be necessary for appsec role and Very Important when you learn about a vulnerability and how it can be andexploited, don't stop there read how it can be fixed, what protection mechanism can be used for fixing that bug and more importantly why that protection mechanism works, if you understand the why part - this will help you apply the security concepts to different systems/architectures & make you a better engineer not included linux/windows coz you already may have some experience with that stopping here :D
Is there any platform you recommend learning app security? I am thinking TCM Security but I think INE is good too. Everyone is recommending tryhackme and hackthebox which I am not knocking on those platform. I feel getting my foundation build first then do those tryhackme and hackthebox is the way to go
try portswigger
don't do TCM shit
Anything you recommend?
Burp academy
It’s great that you are so interested and made some research already. This topic has been discussed a lot. Main advice is “learn the free stuff first”. I suggest you could use search here as well. Quick looking at the “AppSec” search results and here are some topics to start with: Check out this post! "How can I transition to an AppSec or security engineer? (Security Career)" https://us.teamblind.com/s/5UH5oN1M Check out this post! "How did you get into security? (Security Career)" https://us.teamblind.com/s/RdFMTem8 Check out this post! "I did 8.5 security engineer on-sites with top tech companies…a prep guide (Security Career)" https://us.teamblind.com/s/LyANPVE6 Check out this post! "Advancing career from a “Support” position? (Tech Industry)" https://us.teamblind.com/s/mVv8agxw
Thank you for answering my question. One of challenges I faced is I don't have any IT certs. The reason is I gave up trying to obtain one of them. I failed the net+ and sec+ five times each exam. I decided focus on personal projects I am interested in Cyber Security. Also, it would be nice I can get feedback on my resume
You don’t need any certs. Even more, it looks inadequate if person has certs and no experience. Do those courses and look at different job descriptions to figure out what is more interesting to you and what skills do companies look for. And read comments on the posts on blind on this topic. People share a lot of information and advice but it’s time consuming to repeat the same over and over. Unless you have decided on a role (like, engineering, analytics, soc, AppSec, infosec, malware analysis, research, pentesting, etc) and ready to ask specific questions, search for posts similar to those I shared above. They could provide general recommendations