r/Cybersecurity101

I built a home SOC lab on a $300 refurbished laptop. Realistically how much of this transfers to actual SOC work?

I’ve been quietly grinding on a home SOC lab and I'm getting to the point where I'm second-guessing whether any of this actually matters when you get hired into a real SOC. I currently have about 3 years of IT support / helpdesk experience.

What I built:

Refurb Dell Latitude 5400 (32GB RAM), VirtualBox, 3 main VMs plus a separate one for Wazuh:

Ubuntu SIEM running Elastic + Kibana + Fleet
Windows 10 victim with Sysmon (SwiftOnSecurity config) and the Elastic Agent
Kali attacker
Wazuh XDR running on its own Ubuntu VM (manager + indexer + dashboard)

Suricata IDS on the SIEM box with custom rules. Host-only networking between VMs, NAT adapter for internet.

What's actually working:

- Failed logon detection, admin group changes mapped to MITRE T1098, account creation mapped to T1136, suspicious PowerShell via Sysmon Event 1, FIM on Windows sensitive dirs, Security Configuration Assessment against CIS benchmark, vulnerability detection finding real CVEs on Windows.

- 5 Kibana dashboards covering event volume, top event codes, parent-child processes, destination IPs, process activity.

- Documented every build session publicly on GitHub.

What I'm genuinely unsure about:

  1. The actual day-to-day in a real SOC — is it mostly tuning out alerts from one EDR (CrowdStrike, SentinelOne, Defender) and a SIEM (Splunk/Sentinel)? Because my lab has been mostly setup and detection engineering, not really high-volume triage practice.
  2. How transferable is this stack to a real production environment? Like will an interviewer see Elastic + Wazuh and think “useful foundation” or “none of this is what we use?”
  3. What would you add as the next phase if you were me? Right now I’m planning AD + Kerberoasting + BloodHound, then Splunk alongside Elastic. But open to better ideas.
reddit.com
u/CyberHammad — 1 day ago

Need advice against sextortion

One of my friends is being blackmailed by another person who got his nudes via Omegle. The person is threatening that he will share those screenshots with people he knows. I need some advice or somebody who can assist me and help in this matter, please help.


I built a SOC Analyst home lab roadmap to become job-ready — what would you add or remove?

I’m trying to break into cybersecurity/SOC analyst roles, and instead of only studying certs, I started building a full hands-on SOC/security analyst home lab roadmap.

I wanted to create something that helps me actually practice the work instead of just watching videos or memorizing definitions.

Here’s the roadmap/site I’ve been building:

https://mmajeed7864.github.io/soclab/

So far, the lab includes things like:

- Elastic SIEM
- Kibana dashboards
- Fleet Server / Elastic Agent
- Sysmon
- Suricata IDS
- Wazuh XDR
- Windows 10 victim endpoint
- File Integrity Monitoring
- Security Configuration Assessment
- Vulnerability Detection
- Account creation / admin group change alerts
- SOC-style investigations and ticket writing
- MITRE ATT&CK mapping
- Splunk basics
- Cloud/Sentinel/Defender sections later in the roadmap

The goal is to use this roadmap to prepare for:

- SOC Analyst L1
- Junior Security Analyst
- Cybersecurity Analyst
- Eventually SOC L2 foundations

I’m not claiming this replaces real experience, but I’m trying to build the closest thing I can at home: generate logs, detect activity, investigate alerts, document findings, and explain what happened.

For people already working in SOC/security:

  1. Is this roadmap realistic for preparing for SOC L1 or junior analyst roles?
  2. What would you remove because it’s unnecessary?
  3. What would you add that hiring managers actually care about?
  4. Am I overbuilding this, or is this the right direction?

I’m looking for honest criticism, not just encouragement. If something is missing or unrealistic, I’d rather know now while I’m still building it.

u/Ok-Birthday-7707 — 1 day ago

How do you justify the cost of proactive security to SMB clients who think nothing bad will ever happen to them?

Running into this constantly. Clients see the monthly line item, nothing visibly explodes, and they start questioning whether they actually need it. How are you framing the value conversation without sounding like you're just trying to upsell them?

u/poppetfang — 1 day ago

Started in IT and need a Cybersecurity Roadmap with my Useless Degree!

I recently got my first IT job as a Desktop Support Technician/Tier 2 in a corporate environment with no prior IT experience. I’m still learning a lot every day, but I think I’m doing pretty well so far.

A lot of different IT people, management, and even HR seem to like me and trust my work, which honestly motivates me a lot.

I have a B.S. in Business Administration with a major in Technology Information Systems & Analytics, and my goal is to eventually become a Cybersecurity Analyst someday.

The problem is that while I’m learning a lot, the company doesn’t really seem to have much growth into networking or cybersecurity, and they don’t pay for certifications or education either.

I keep wondering what the smartest next step is:

  • Security+?
  • CCNA?
  • Homelabs/projects?
  • Just keep gaining experience?

I know cybersecurity isn’t entry level, so I’m trying to stay patient and build experience first. I just don’t want to stay stuck in one spot too long.

Would appreciate advice from people who started in IT support and eventually moved into cybersecurity.

u/Tech-Christian — 2 days ago

What are the best places to learn cybersecurity for free?

I’m currently a sophomore in high school and I am very interested in cybersecurity. I already have some programming experience with Python and JS, but cybersecurity is something I’m very interested in and I just don’t know where to start.

u/Current_Yesterday800 — 2 days ago

Automated CLI for spinning up labs + objectives

Hey Folks!

Recently I hit a pain point with VulnHub, in that I need to spin up multiple VMs to get a lab environment in which I can pentest or try out different hacking tools.

And since I like spinning up my own environments instead of using things like Pwnbox (HackTheBox) and other stuff, I thought this could help others have a way of spinning up different scenarios with a clear goal in mind.

The tool is in a very early phase, since I vibe coded it with AI just for the prototype and for y'all to test it and tell me if I should actually pursue making it further and more convenient.

I am open to any discussions and I am open to any changes/suggestions on this tool.

Here's the link:

https://github.com/ImShad0w/HackLab

u/Kitchen-Product-7868 — 2 days ago

Which cyber security training with job placement in USA has the best outcomes?

Programs with practical learning usually produce better results than certification-only courses. Recruiters in the USA often ask scenario-based questions instead of theoretical definitions.

Good training programs like H2K Infosys's include the following:

  • SIEM tools like Splunk
  • Wireshark packet analysis
  • Vulnerability management
  • Cloud security labs
  • Phishing investigation
  • Resume optimization
  • LinkedIn support
  • Mock interviews

Another important factor is whether the institute provides internship opportunities or live project experience. Candidates with real-world exposure often stand out during interviews.

Before enrolling, always check student reviews, placement support quality, and whether the curriculum is updated for current industry demands.

u/Easy_Term7058 — 3 days ago

Roadmap

Is the following roadmap enough to get a job in cybersecurity within 6-8 months?

  1. Google Professional Cybersecurity Certificate

  2. Try Hack Me - SAL 1

  3. GRC Mastery and Hack The Box

  4. AI Fundamentals for Cybersecurity (Claude)

Could anyone guide me: is this path enough to go for, and will it cover the foundations of OS and Linux?

And how can I apply for internships and interviews near the end of this year, after completing these courses?

u/TheTrojan_Guy — 4 days ago

Cybersecurity

Hello everyone, I'm studying programming at university, but there's no cybersecurity major, and I'd like to specialize in cybersecurity. Does anyone have a starting course? I have a background in programming and I'd like to start with a course, or are there any Telegram channels that offer paid courses for free?

And thanks

u/Available_Vast_8601 — 4 days ago
▲ 339 · r/Cybersecurity101 · 3 crossposts

Responsible Disclosure Story: Reporting an LFI Vulnerability to a Major Indian Bank

Started with curiosity, ended with an acknowledgment from the Information Security Department of one of India’s major banks.

A few weeks ago, while testing an internet-facing application, I discovered a Local File Inclusion (LFI) vulnerability that allowed arbitrary file reads through an exposed parameter. After responsible verification and documentation, I privately reported the issue to the bank’s security team with detailed impact analysis and proof-of-concept evidence.

The vulnerability exposed sensitive internal files, runtime environment data, and backend configuration paths — a reminder of how a single overlooked validation can open doors to serious security risks.

Today, I received this official appreciation letter from the Information Security Department of J&K Bank acknowledging the responsible disclosure and contribution towards strengthening their security posture.

No drama. No noise. Just hours of research, patience, ethical hacking, and responsible disclosure.

Moments like this remind me why I love cybersecurity.
Still learning. Still hunting. 🚀

#BugBounty #CyberSecurity #EthicalHacking #InfoSec #SecurityResearch #LFI #OWASP #ResponsibleDisclosure #BugHunter #CyberSecurityResearcher

u/AccomplishedNerve245 — 6 days ago

Does collecting more telemetry actually make your security coverage worse?

Been thinking about this a lot lately. We've been expanding our telemetry collection across endpoints, cloud, identity, and now SaaS and edge sources too, and the honest result is that our analysts are drowning. Alerts are up, but I'm not convinced we're catching more real threats. If anything the signal-to-noise ratio has gotten messier and investigations take longer because you're sifting through so much junk before finding anything useful.

Storage costs are getting pretty uncomfortable too, which creates this pressure to shorten retention windows. Now, some teams handle that with tiered hot-warm-cold storage instead of just cutting retention outright, which is smarter, but even then, you're adding operational complexity and if you don't manage it carefully your forensics coverage still takes a hit when it matters most.

I think the real problem is that teams treat telemetry volume as a proxy for security maturity. More data equals better coverage, right? Not really. If half that data is low-fidelity, poorly normalized, or siloed across tools that don't talk to each other, you're not actually more secure. You're just more expensive and more fatigued.

And with AI-driven triage tools becoming more common in SOCs now, the quality of your data matters even more because garbage in, garbage out. Bad telemetry doesn't get smarter just because an LLM is looking at it. The coverage question is really about signal quality, not raw volume. More sources only help if the data is relevant, tuned to actual use cases, and feeding detections that lead somewhere.

Curious whether others have hit this wall and what actually helped. Did you go the filtering and pipeline route to shape data before it hits your SIEM? Or did you audit your sources and cut the ones that weren't contributing to real detections? Would love to hear what moved the needle.

u/cionosics — 4 days ago

cyber security articles recommending password managers

I keep seeing articles written by cyber security experts and they keep mentioning one of the ways to stay secure is by using a password manager app or password manager website. If someone hacks that kind of website, isn't it bad to have all your passwords on there? I just find it confusing that a cyber security expert is advising people to use a password manager. Is it just outdated advice?

u/HumaningtonThe4th — 7 days ago

Which cyber security course offers the best placement assistance for beginners?

The best cyber security courses for beginners are usually the ones that combine practical labs, live instructor sessions, mock interviews, and direct placement guidance. Employers care more about hands-on skills than theory alone.

A strong cyber security training with job placement program typically includes:

  • Real-time SOC simulations
  • Resume and LinkedIn optimization
  • Interview preparation
  • Cloud and SIEM tools exposure
  • Internship or project experience

Many students struggle because they only complete certification videos without gaining practical experience. That’s why career-focused cyber security jobs with training programs are becoming more popular in the USA.

The ideal course should prepare you for actual entry-level cybersecurity roles, not just help you pass an exam.

u/Real-talks4512 — 7 days ago

Employee Monitoring and USB Device Control Software

I never thought USB devices would become one of the biggest headaches once our team went hybrid.

At first the focus was mostly on productivity tracking and figuring out how to manage remote employees without constantly chasing updates all day. But over time the bigger concern became security. People working from home started plugging in personal flash drives, external SSDs, random USB devices, and nobody really knew what data was moving around anymore.

One situation that really made management panic was when a contractor copied internal files onto a personal drive to “finish work later.” Nothing malicious happened, but it exposed how little visibility we actually had outside the office environment.

What surprised me is that a lot of employee monitoring software seems heavily focused on screenshots, mouse activity, or time tracking, while USB/device control and insider threat prevention feel almost like an afterthought.

Curious how other companies are handling this now.

Are you using separate endpoint security tools alongside employee monitoring software, or have you found something that balances workforce monitoring, USB device control, and compliance without making employees feel like they’re under a microscope 24/7?

u/ConfidentApple_723 — 7 days ago