r/SecurityCareerAdvice

How should I actually go about learning Linux?

Most people advice me to just start using Linux, so I installed Debian 13, customized my desktop, and learned the absolute basics like ⁠cd⁠ and ⁠ls⁠. But now that the setup is done, I’m stuck on how to actually progress.
I want to properly learn the command line, system administration, and eventually scripting/networking, rather than just copying and pasting terminal commands.
What are the best resources, practical projects, or next logical steps for a beginner to actually understand how the system works under the hood?

reddit.com
u/ThelilBruce_Wayne — 5 hours ago

Need career advice

I am currently in the last trimester of my MSc in Cyber Security at TU Dublin (meaning I currently have Stamp 2 visa). I have zero experience and I am looking for a job now, would I have any luck in going for Entry level SOC positions or should I directly apply to IT helpdesk jobs? I already have the eJPT cert and currently studying for SAL1 (not sure if I will buy the exam voucher, but I plan to study the whole path). Also will going for any other cert would help my resume and chances to get an entry level CyberSec job?

reddit.com
u/kkx211 — 4 hours ago
▲ 4 r/SecurityCareerAdvice+2 crossposts

I am so confused about learning SOC Analyst

I am 4th Year BCA student and recently i have started studying Cyber Security fundamentals (almost completed) and i am very confused in SOC analyst profile.

Many peoples say do this, some says do this, i can't find a clear way to do SOC analyst nor I have someone who could guide me.

Guys please Tell me that for a SOC Analyst L1 Job What should i have to study.

reddit.com
u/SandleChopper — 8 hours ago

A Day in the Life of a Threat Analyst, WFH Edition (Swim, Coffee, XDR, Repeat)

Making this post so that all of you get an idea on exactly how is a life of a Threat Analyst(MDR) and what are my D2D activity.

6:30 AM. Swim first, before my brain fully gets activated. Best decision I've made this year. Relaxes the mind.

8:15. Coffee. Non negotiable. I've tried skipping it twice. Both days ended badly(consider it as a superstition or the screen effect).

9:30, I log in. WFH, so I just need to walk from the kitchen to my desk. First thing I check isn't the XDR portal, it's email, calendar, Slack, and Teams, in that order, because half the time overnight shift has already flagged something for me and I don't want to walk into a case cold.

10:00 onward is when it actually starts. Into the XDR portal, sorting through alerts and detections that queued. MDR is a 24/7 job. Some days it's quiet. Some days I open the queue and immediately know it's going to be a long one, usually because three alerts from the same host are all pointing the same direction.

The investigation part is where time flies or disappears. Querying event logs, pulling process trees, checking parent child relationships, cross referencing against what the endpoint saw versus what the network saw. Verifying the Threat Intel. I've lost entire hours to a single suspicious PowerShell execution that turned out to be an IT admin running a script nobody informed us or documented anywhere.

Around midday, at around 1 or 2, I usually get on a call with a client if something needs explaining in technical POV. That's a different skill entirely. You can be great at reading a process tree and still fumble explaining it to someone who just wants to know if their business is on fire. I learnt it a hard way, don't want you guys to struggle on that aspect.

Response actions, if needed, isolating a host, killing a process, blocking an IOC. Then lunch, which I try to actually eat away from the screen, or watch some Sit Coms.

Afternoon is round two of the same loop. New alerts, new queries, sometimes picking back up a case from the morning that needed more eyes in investigation.

The fun part nobody tells you about this job is that you start recognizing patterns in things that have nothing to do with the job. Once this job gets into your head, it doesn't fully leave.

End of day is a wrap up meeting, log off, and then TV and sleep, trying not to think about tomorrow's queue.

If you're planning to go for SOC or threat analysis in near future, this is a glimpse of a day, which I am sure nobody told you about.

reddit.com
u/makeiteasy_24 — 15 hours ago

carrier change

currently working as a java springboot developer but I don't have any interest to continue with the same skills i want to get into the side of security like cybersecurity or cloud security, learn linux that's mandatory and i should be able to use it in my job i have time well i feel like time's running out but i indeed have time ig need help from anyone on how i should proceed and get into this security thing anything any role regarding security i am ready to learn change my skills i am up. 4years of java and i am all done with it.

help me out i feel like struck

reddit.com
u/Main_Celebration_142 — 11 hours ago
▲ 7 r/SecurityCareerAdvice+1 crossposts

Would you leave a stable job for a short term IT contract?

I have a stable full time job right now, but it’s not IT related. I also have the CompTIA trifecta and I’ve done labs/projects, but I still have zero real IT job experience. I’m trying to decide what most people would do in this situation: stay in the stable job and wait for a stable IT role or take a short-term IT contract/internship to finally get experience. My main worry is the contract ending and not being able to land another IT job afterward, especially in this job market.

What would you do in my position?

reddit.com
u/OneStory9175 — 21 hours ago
▲ 8 r/SecurityCareerAdvice+1 crossposts

Move into Appsec, what should I consider before doing it?

Backend engineer, ~5 YOE, 1 year at current. I've been offered an internal move to AppSec.

At my previous job I was the security guy on my team ("Security Champion" programme, but for technical people) - moving security initiatives for our app, exploratory testing (found a few big vulns while messing around), and owning the security side of a cloud migration: data classification, SAST in CI/CD, and passing internal audits - this was around 20% of my capacity, the rest were usual developer work. I liked it and wanted to grow in security, but left for a better BE offer.

Current job is distributed systems with e2e ownership in a great team, so I've picked up solid devops experience too. The really great team makes the choice a bit harder too :).

Two things worry me:

  • AppSec seems like it could mean really different stuff depending on the company - scanner triage at one place, threat modeling and architecture review at another. What is the real-deal appsec engineer job have to look like so I can be competitive if I decide to grow in this field?
  • Would the previous BE experience(granted that some of it ~2YOE was with a security flavour) hurt my prospects if I try to pursue an appsec role, and vice versa would the appsec experience hurt future BE prospects. Basically is there bidirectional transfer of skills. I'm guessing so, but I might be guessing badly.
  • Is AppSec going to be impacted badly by LLMs?

Anyone made this switch? What should I look for in an appsec role.

Disclaimer: I've used AI to make this post more understandable, English is not my native language, neither am I too good with words.

reddit.com
u/outMyComa — 1 day ago

Trying to decide between it manager and cyber security.

I'm 2 years into my it career. I have a bit of experience from personal and work stuff before that but never as full-time employment. I started as an IT technician and I'm now a network administrator for a midsize company after getting promoted.

Most of my work has really been focused around security at this job, considering it essentially had been left untouched since the mid-2000s. It's not particularly high level security stuff, but things like configuring, firewalls, tightening security policies or creating them implementing endpoint security, managing that endpoint security, email filtering dmark dkim setting up pen testing vendors and a whole bunch of other things.

None of it's super technical but I do find it interesting. I'm listening to security podcasts and read up on security in my free time. That said, I'm a bit older coming into this and have about 7 years of Prior non-it management experience.

Technically because of some security Management experience I meet the requirements probably for the cissp.

But I don't know whether it's better to leverage management experience and try to become an I.t manager or if it's beneficial go towards my interest which is security.

I have no interest in working as a level 1 soc analyst that feels like a dead end and pretty dull.

What do you think?

Also, apologies for any formatting issues. I'm using voice to speech while holding my sleeping baby.

reddit.com
u/Tarwins-Gap — 1 day ago

How hard is finding a job in cybersecurity right now

So I am currently attending Purdue University Global to get my google cert for cybersecurity. I am wondering if this will be enough to find me a job in the world of cybersecurity? I have some small connections to people in the field, but nothing major. Is it hard to find a job in Cybersecurity right now?

reddit.com
u/Jactics2000 — 1 day ago

Should I skip the typical SDE path and specialize in cybersecurity from the beginning?

I’m entering my final year of ECE engineering in India; interested in cybersecurity, and I’m at a crossroads.

The conventional advice I hear in software and IT is:
Learn Java/C++
Learn DSA
Grind LeetCode
Learn web development (React, Node, etc.)
Get an SDE/SWE job

However, I’m much more interested in cybersecurity, especially SOC, DFIR, Detection Engineering, threat hunting, and bug bounty. I enjoy Linux, labs, CTFs, and security projects far more than full-stack development.

Is it a mistake to skip the traditional SDE route and specialize in cybersecurity from the beginning?

For those already working in cybersecurity in India:
Did you start directly in cyber, or transition from software engineering?
Do you think freshers should still focus on DSA and web development first?

If you were in my position today, what would you do?
I’d appreciate advice from people already working in the industry rather than generic career guidance.

reddit.com
u/marlinspikee — 1 day ago

I have 6 months to turn my life around and break into cyber security

I graduated one year ago after studying anthropology nd have been unsuccessful in finding any employment , this has put a major burden on my mental health and overall well being , Ive got a girlfriend who’s pregnant now and I have to break into tech before the baby gets here , I did some research into tech and cybersecurity , how hard is it going to be and do you guys have some tips on how to break into the industry in the shortest time possible etc , certs , msc . Any help is much appreciated 

reddit.com
u/No-Level-2627 — 2 days ago

Cyber Security Career Advice In Australia

Hello friends, I'm seeking advice on a cyber security career in Australia. I'm about to complete a CS degree. To be more specific, I'm completing a bachelor of IT (Computer Science) at QUT. The University now offers an IT (Cyber Security), If I change my major, I'll need to do another 2-3 years (part-time). From an employer standpoint, should I change my major or should I complete an industry cert? If so, what would you recommend? Is there a possible road map I should follow?

reddit.com
▲ 3 r/SecurityCareerAdvice+1 crossposts

I want my first internship in Cybersecurity junior penetration

I'm final year student interested in cybersecurity red team. I daily solve CTF labs and I'm focusing on to get my first internship so please guide me how to find internship in mumbai

reddit.com
u/Ok_Blueberry8533 — 2 days ago

Resume Review - Entry-Level SOC Analyst

Hi everyone,

I'm currently looking for my first full-time cybersecurity job.

I recently completed my BCA and have CEH v13, along with 6 months of SecOps internship and 6 months of VAPT internship experience.

I'd really appreciate any suggestions to improve my resume. If anyone knows of any openings or can provide a referral, I'd be thankful.
Resume

Thanks!

reddit.com
u/NOtAhUMN — 2 days ago

what technical questions should i expect for a cybersecurity threat intelligence intern interview?

i have an upcoming technical interview for a cybersecurity internship. from what i understand, the role is focused on cyber threat intelligence, security reporting, and data analysis. i have to make threat reports, use sql queries and analyse datasets to spot trends. i’m still a student and i don’t have industry experience in threat intelligence yet, so i’m trying to prepare properly without overthinking. i have a basic cybersecurity/networking background from school. for people who work in cybersecurity, threat intelligence, soc, what kind of technical questions would you ask for an intern in this type of role? what would you focus on first? i would really appreciate any advice on what to study, what kind of examples to prepare, and what would make a student candidate stand out in a hiring manager interview for this kind of cybersecurity internship.

reddit.com
u/Active_Nobody_2725 — 2 days ago
▲ 15 r/SecurityCareerAdvice+1 crossposts

BS in cybersecurity

hello,

i graduated snhu with a bs in cybersecurity a couple months back and im pretty lost. i was on reddit and a lot of people were saying cybersecurity isnt really an entry-level field, and i get that. the problem is i feel like i barely learned everything because a lot of the time it wasnt really about learning, it was just "how do i get a good grade so i can pass?" im kinda regretting that now because i dont really know what to do. im thinking maybe getting a help desk or support desk job would be a good way to get experience while i work on my certs. would that actually help? what would you do if you were in my position?

reddit.com
u/Dull_Historian_1036 — 3 days ago

Going from biology to cyber security

I got a B.S. in biology in psychology and absolutely hated it. I was constantly bored or confused.

I am considering joining the military, my mom did chemical warfare, but my dad did cybersecurity.

Is it possible to go from biology to cybersecurity or do I have to have a bachelors in CS or IT first?

I want to be able to work from home like my dad does. I also do enjoy electronics, my high school electrical class was one of my favorites and I enjoy making radios and similar stuff, but that's hardware.

reddit.com
u/Electrical_Chain53 — 3 days ago
▲ 10 r/SecurityCareerAdvice+5 crossposts

i need guidance what to do after i finished my firewall project.

hello guys, i just finished my first project which is a NGFW Firewall .
and after testing it on over 40 kinds of malwares it was really successful against polymorphics and other kind of malwares i need someone to guide me should i publish it as an Open-source firewall or should i wait for someone to get interested in it and maybe he could buy it from me .
.
github.com/manaf-dev1/sentinel-firewall
this is the firewall its just a readme i update everytime i accomplish something and you'll find the latest update of what i've done .
i wish if a real expert could guide me what to do with it because in my region there's no support for this kind of stuff and they're just interested in famous providers . such as PaloAlto , etc...

github.com
u/ALDulaimi-Dev — 3 days ago

Are Cybersecurity Bachelor’s Programs Setting Students Up to Fail?

I’ve been seeing a lot of posts from people asking how to get into cybersecurity. One thing many of them have in common is that they have a bachelor’s degree in cybersecurity and a few basic certifications. My question is: why are they asking Reddit? They had four years, professors, career services, and an entire university system that was supposed to prepare them for this.

After looking into it, I noticed that many traditional universities don’t even offer a bachelor’s in cybersecurity. Instead, they offer master’s programs in cybersecurity, while their undergraduate IT-related degrees are usually Computer Science, Management Information Systems (MIS), or Information Systems, often through the business school. As someone with a finance degree, completing an internship was required to graduate. The same was true for many of my friends in other majors. That makes me wonder whether some students are being misled by degree mills or universities that market cybersecurity degrees without adequately preparing students for the job market. There’s a reason many universities historically treated cybersecurity as a graduate field rather than an entry-level undergraduate major. Yet every day on this subreddit, we see people with a bachelor’s in cybersecurity and a Security+ asking why they can’t find a job.

Maybe I’m wrong, but it feels like this trend really took off after 2020. I’ve always been interested in IT, and the common undergraduate paths used to be Computer Science, MIS, or Information Systems. The explosion of cybersecurity bachelor’s degrees seems relatively recent. Do you think students should be warned about this, or am I looking at this the wrong way? I genuinely feel bad for people who spent four years earning these degrees only to end up in this situation, because we see posts like that here almost every day.

reddit.com
u/CatchFlightsNotFeelz — 4 days ago