Cybersecurity Career Advice

First Question: What part of computer security do you want to do?

Answer: Try them before locking into one

• Offense — pentest, red team, exploit dev
• Defense — SOC, DFIR, detection engineering
• Cloud security — IAM, architecture, hardening
• AppSec — code review, SAST/DAST, SDLC
• Security engineering — tooling, automation, infra, patching
• Governance/Risk — policy, compliance, audit

Technical Fundamentals

• Not a specific tool, because tools eventually become obsolete
• Identity Access Management (IAM) - Not specific to any vendor, but know the underlying principles
• How do Identity Providers (IdP) work?
• Networking - Internet Protocol (IP), Cloud VPCs, TCP, UDP, HTTP, etc.
• Cloud Security basics
• OS Security: Linux, Mac, Windows
• Windows Active Directory
• Containers
• Virtualization (VMware vs cloud)
• How does email work? What about the technical protocols allows phishing?

What does your home lab look like?

What is the fun part to you about your home lab?

Programming

• What can you do without the help of AI?
• Python is popular, but get fundamentals for any language
• Understand and be able to explain how a website is programmed from the frontend to the backend

Algorithms

• Queue vs Stack
• Set vs List vs Map
• Hash table
• Multi-threading and the dangers
• C string buffers and how overflows occur
• The dangers of string concatenation besides buffer overflows

Conferences

1. BSides
2. Def Con

Build a portfolio of real work

• Baseline is your own public code repos - Have your pet projects to show
• HackTheBox (or any CTF) walkthrough you wrote yourself
  • Even if you failed to complete, write what you learned
• Blog about using AI to create some code for a personal project
  • What did the AI do wrong that you identified and corrected yourself?
  • How did you know it was wrong?
• Read some blog about a vulnerability or a DEF CON conference talk and write how you tried exploiting it yourself in your lab
• Do NOT chase certs for their own sake
• Security engineers who can automate, tinker, and think critically win
• Contribute to an open source project. Improve its documentation or submit a PR for a bug fix

Communication and Writing Skills

• Write cleanly
  • AI can be an assist, but do not let it get overly wordy
  • If all the AI was broken, could you still write it yourself?
• How does your work apply to the business logic, not just technical jargon. Relate to the business.

Audience Awareness

• Non-technical people
• 30-second elevator pitch to CIO
• Technical people who just want the easy steps to reproduce the bug
• Auditor who will scrutinize every detail

Writing Formats

• Learn what a One-Pager is
• If you need PowerPoint, then you have no power and no point.

Owning Mistakes

• Avoid finger pointing
• Start with the miscommunication that you made and how you will more clearly explain your intentions in the future

Dumb Questions

1. The one you never asked
2. The one you have asked before but forgot so you are asking again for the fourth time
3. The one where you've "looked nowhere and found nothing"

Smart Questions: Briefly state: "I did some searches, but can you help me find an answer to …"

Networking

• LinkedIn
• Talk to conference speakers after their presentation
• BSides, local events (city or statewide)
• Security is a small world. Relationships matter.

• GitHub Repositories
• Cybersecurity Career Advice
• Linux Guest will not Autoresize Display in VMWare Workstation Pro 25H2
• Network Adapter Disappears or No Media After Windows Resumes From Sleep
• NanoPi R76S as a Router Benchmarks

• Computer Problems
• Curriculum Vitae
• Free Stuff
• Games
• Misc
• Programming
• Security
• Tech Tricks