Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!
Hey guys, I’m a new grad struggling to figure out where to go next. I went to Pennsylvania State University and completed a program called “Cybersecurity Operations and Analytics” where I earned a BS. I’ve been applying for IT help desk jobs and tier 1 SOC analyst jobs but haven’t had any luck. Any general advice would be great. Thank you.
It’s a tough market for entry-level SOC analysts. It has been since…well, as long as I can remember.
IT Help Desk experience is a huge plus, for landing future SOC analyst roles, if you can get some.
My advice is:
- Hang ang in there and keep at it. The first security job is the hardest to land.
- Do some independent training if you have time. Hack the Box and OWASP Juice Shop have free resources, so you can keep growing. Remember that increasing your skills does lead to cash, but it sometimes takes a lot of time.
- Be on the lookout for remote postings. There’s very little done by a SOC, today, that can’t be done remotely, so it’s not critical to limit your search by geography, anymore.
- Learn some programming, if you haven’t already. SOC operations are less painful with some scripting skill. (My own path into Cybersecurity was due to my coding skills, not any Cybersecurity certificate.)
Haven’t had any luck getting interviews? Could be your resume. Haven’t had any luck with getting offers? Could be your interviewing skills.
It’s a rough job market for several reasons. My best recommendation is to do something that will distinguish yourself from others (blog, podcast, etc etc) and also try to establish a relationship with someone at prospective employers to get them to “pull” you in. I know, I know, easier said than done, but that’s where we are at.
I am looking into attacking/defending applications using genai. Any resources would be helpful and if you have any experience in pentesting such applications, i would love to hear about it!
So far i have come across the owasp top for LLMs: https://owasp.org/www-project-top-10-for-large-language-model-applications/
Thanks for sharing!