IT Certifications and Careers (Official Discussion Thread)

Jekyll

My last company didnt give a shyt about security and got fukked big time for it.

an employee mistakenly wired $500k to hacker who spoofed an email from one of our clients :russ: and she aint get fired :snoop: they still didnt learn from that afterwards
I gotta story like this and you wouldn’t even believe who was involved. Everybody gets victimized by spear phishing. A lot of these people gain access to the email months ahead and wait on times like that to strike.
 

ryda518

I fukking love working when a holiday rolls around. Less work and users are less stressed because they know they are about to take a vacation somewhere.

It reminds me of those school days before summer where you come to school and finals are over so you don’t do much

but shyt is different now I’m using the downtime to study and get this paper:birdman:
 

Mirin4rmfar

Nice. I use TF on the regular in my current work. Didn’t even know they had a cert lol.

How long does it take to get efficient? I dont really see myself using long term but it seems like a lot of jobs want you to have knowledge of infrastructure as code.


Damn shame when plenty of inexperienced people could easily do cybersecurity work yet companies refuse to hire them. I left 2 jobs in a row because they wouldn't hire enough help. And it damn sure wasn't because of a lack of candidates. They just wanted to save money while not following any cybersecurity best practices.
:francis:

Working for MSSP, a lot of people just have these equipment running and dont bother ever checking it and expecting it to do their jobs. Even mssp's are pretty short staffed.
 

Jekyll

How long does it take to get efficient? I dont really see myself using long term but it seems like a lot of jobs want you to have knowledge of infrastructure as code.




Working for MSSP, a lot of people just have these equipment running and dont bother ever checking it and expecting it to do their jobs. Even mssp's are pretty short staffed.


shyt day 1 it was helping me with AWS stuff. Dynamic credentials are a game changer and it makes it easier to generate those. It's mostly a tool to simplify scripting by providing a common format to do API work.
 

GollyImGully

How long does it take to get efficient? I dont really see myself using long term but it seems like a lot of jobs want you to have knowledge of infrastructure as code.
Super quick to pick up and go...the documentation they have online is extremely good fyi. I had a project I had to do for work last year and chose to do it in TF and have been solid with it since.

you wont want to create/delete infra again via the console honestly.
 

Mirin4rmfar

Years of experience required per function below:

| 8 | Required | Experience working in Cybersecurity space
| 6 | Required | Experience with Data Loss Protection/Cloud Access Security Brokers (i.e. Symantec, Microsoft, Bitglass, Netskope)
| 5 | Required | Experience with Vulnerability Management Systems (i.e. Rapid7, Tenable/Nessus Scanning, Qualys). Establish vulnerability management program using systematic scanning, risk evaluation, and coordination to remediate or mitigate identified vulnerabilities
| 5 | Required | Experience with Endpoint Detection and Response (i.e. EndGame, Crowdstrike, CyberReason). Detect and respond to alerts from end point detection response tools
| 5 | Required | Experience prioritizing top threats and likelihood for data loss vectors
| 5 | Required | Experience developing API use cases, scenarios, requirements in support of integrations with other platforms
| 5 | Required | Strong verbal/written communication and interpersonal skills are required to document and communicate findings, escalate critical incidents, and lead and work as part of a team
| 5 | Required | Research and analytical background and an analytical approach, especially with respect to event classification, event correlation, and root cause analysis
| 5 | Required | Ensure proper metrics, analysis, and reporting for continuous process improvement. Provide escalation support and document resolutions for improvement.
| 5 | Required | Monitor external data sources (e.g., cyber defense vendor sites, US-CERT, OpDivs, Computer Emergency Response Teams, Security Focus) to maintain currency of cyber defense threat condition and determine issues that would impact the enterprise
| 5 | Required | Experience in creating, documenting, and maintaining policies, procedures, and workflows
| 4 | Required | Graduation from an accredited four-year college or university with major coursework in information technology security, computer information systems, computer science, management information systems, or a related field. Master’s Degree a plus
| 1 | Required | CISSP, CCSP, CEH, or equivalent certifications
| 7 | Preferred | Research and analytical background and an analytical approach, especially with respect to event classification, event correlation, and root cause analysis.
| 7 | Preferred | Possess a solid understanding of application security standards, frameworks, attack methods, and mitigation best practices (e.g., OWASP, SANS, NIST, PCI DSS, HIPAA, CIS Critical Controls)
| 5 | Preferred | Experience with Email Threat Management (i.e. Proofpoint, MimeCast, Microsoft)
| 5 | Preferred | Experience with Cloud Enterprise Network Security (i.e. Cisco Umbrella, Palo Alto, ZScaler)
| 5 | Preferred | Experience with SIEM engineering design/management/analysts (i.e. Splunk, Rapid7, SumoLogic)
| 5 | Preferred | Running and handling the Incident Response Team (IRT) and procedures in the SOC Division
| 5 | Preferred | Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks
| 3 | Preferred | Understanding of cloud based solutions such as AWS, Azure, and/or Google Cloud
| 3 | Preferred | Experience in performing the forensics by using the toolkit FTK / Autopsy etc.
| 1 | Preferred | OSCP, CISM, GSEC, CEH, CISA, CCSP, CNFE desired
| 1 | Preferred | Symantec Certified Specialist (CloudSOC, DLP); Microsoft 365 Certified: Security Administrator Associate

:mjlol: this requirement is insane. You need several people to take care of this many functions..
 

Lord Z

They are completely nuts asking for all this shyt. :dahell:

They can't even pay you for that level of expertise, a senior recruiter that I've known for a while admitted that yesterday. With all these experience and certs, aint you suppose to make at least 250K depending on the location :myman:?

The only way you are getting your just due is to open your own consultancy firm and give them the business :win:
 

DaRealness

Plus you gotta be 22 years old and have 100 years experience. :mjlol:

That's why I mentioned earlier some of these recruiters are just looking for unicorns. You won't even utilise half that shyt on any job.
 

Sonny Bonds

That's the same way I feel. We have to get shyt done basically by the end of today. We got all these people on a call and it feels like I'm the only one resolving these issues.
The position I’m in now is my fault. I took this job because my last contract role was done. I had money to be picky with my next job, but I didn’t want to waste my cash while being stuck at home.

When I was interviewing, the manager tried to sell me on potential growth down the line. It was the only offer I had, so I took it. 3 years ago I would've been excited about this job. Now, it's just boring.
 

Rhyme n Tekniq

Yea this pandemic has made muthafkkas extra brazen with the bullshyt.
 

Rhyme n Tekniq

I just had an interview (5-man panel) with a hospital, for a desktop engineer position and because I did my research, I knew to prepare for any type of fukkery since it's gotten ehh reviews on glassdoor with one of the main recurring complaints being the toxic work environment and cliquish nature of everything. Nothing but old azz nikkas who seem to have been in the same role for 10-15 yrs, real crotchety and standoffish, but I'll get to that...

Originally none of these muthafukkas wanted to speak up, so I took control of the interview but when the 1st person asked me 3 of these obscure situational questions right off the back, and I couldnt answer, it was like they smelled blood in the water and followed suit with their own obscure questions. So shyt turned into a guerilla style interview. Even though I answered questions honestly, these MF were still trying to gaslight me like "If you dont know, just say you dont know. Answer truthfully" like I hadnt been doing that already (I hate that shyt).

The goals of the interview was to badger me about topics I didnt know but skirt over shyt I did; and just keep the pressure on the entire time instead of having a solid, productive interview. I had to cut in and ask these MF what they were honestly looking for because "based on the shyt you're asking, it seems like a senior role."

They also kept moving the goalpost and contradicting each other in regards to what's "Important to know" so I just gave up mid-interview and start pouring me a glass of Disaronno while they carried on with the usual tired ass "we'll be in touch" yada yada "next phase" bullshyt.

Then to top it off at the end, one of these old fukk nikkas made a slick but corny ass 'Boomer' comment about my resume even though he didnt bother to read shyt beyond my "Skill Summary" section.

Guess he had a problem with the font, but his high and mighty ass should know how to control+scroll at this point in his career...the fukk?


It's companies like these that have made 2021 the WOAT year for finding a new job. The amount of snark and exploitative shyt they try to pull.

The pendulum always swings back the other way though.

It's gettin to a point where I'm about to step away from systems and infrastructure altogether and go for Security or some shyt.
 

knickscrusaderm

What was your experience looking like prior to the interview?
 