One thing about me is I don't know anyone (friends) that have the same energy. I see people in linkedin who always achieve certs and amazing things but they are in different places(colleges or cities), I can't connect with them. But, in my college or my friends they're always surprised by my energy toward pentesting. I can't find friends like me who are motivated to learn more and more in cybersecurity. I feel like I am all alone but it's ok, I know how to live with that I understand that one day at some point in my path I will find friends who have the same energy as me.
@@magicianLogician They learned by genius intellect, a holistic understanding of I.T. and creativity. Terms and techniques like SQL injection, Local File Inclusion and Reverse Shells didn't have names and weren't taught. They were just done, copied and finally documented.
@@magicianLogician Well hacking when I was a kid was way easier. For example you could scan subnet ranges for SMB and if you knew net use you could just map the unprotected shares which were plentiful.
I think the most depressing thing about the field of Cyber is that there is a limitation to what can you learn in theory or by doing labs alone. At some point you need a personal mentor, ideally in the work context where you can work on actual projects, but with no entry level jobs anywhere I wonder how many people give up, or worse - how many get positions in dodgy online/ ransomware groups as these are the only people who want to work with you as a beginner…
I don't see a problem with ransomware groups. You gotta put the skills to test, and the more skilled you are, your chances of getting caught almost diminishes (global arrest rate for cyber crime is mere 1% and conviction rate is even lower).
Lets talk about other problems: - Cybersecurity is always going be to the group that gets the most blame when they are trying to fix things aka you will get the most hate of all the IT groups unless you are part of are cyber focused group. - Because cyber doesn’t make money it can be hard to justify the salaries that we make but as soon as a company is hacked these often double and triple when before they had no “budget”. We are a lost leader that constantly protects night and day but we don’t make money, we stop the bad guys from getting the money.
you all need to completely separate the mantle of 'hacker' from 'cybersecurity expert'- the latter is an insult to the former 'security' gets no respect, for a reason- most of them are phoning it in; they took some courses, got some certification, and show up to tell _actual_ 'hackers' (i.e. people with deep knowledge in their field) what the company policy says. Let's be real: they run scans and email reports- how much is that really worth? cybersecurity doesn't fix anything: the CISO is there so that the CEO has someone to fire, when your company (inevitably) leaks data.
Yeah, it takes time, and right now I’m planning on building a server and I have VMs that I use to practice tools but all I can say is to take it slow to learn and practice even if you fail the first time. I’m also a beginner too, however, I learn from books and I had a professor who is a Pentester who told me what I needed to do.
Yes - but those of any real value are often only available to those who already have a security role. Examples being CREST Registered Tester or CHECK Team Leader. This means the path to professional pen testing might, in practice, include a step into a secops role first. As a hiring manager of a red team, certs are one way of getting shortlisted, but a portfolio of work on open-source projects is equally useful to me.
lol sorry i'm a dick. having a bad day. been spending 5 straight years learning how to code and still no job. 1 masters degree in CS, 5 additional online courses. bound to get bitter every now and then haha. IM BROKE
In the corporate world, cyber and IT cost money.. they don’t make any. And it’s all about the bottom line. Harsh but true coming from someone who lives it firsthand. It will never be at the same level as the sales org, responsible for bringing in hundreds of thousands of dollars at any organization.
Great vid. I've worked in networking for a fair few years and became interested in security. Immediately, company needed me to certify in firewall vendors. Now, I am interested more in cyber and loving the self learning process. This video totally solidified everything I've been thinking. 👌
Happy 750k! Fantastic video, Alex. Thanks for the positive insights! One thing that hit home for me is how difficult pentesting can be in the beginning. I'm glad you said it gets better and more fun as time goes on, I needed to hear that :)
I chose this domain for myself thinking the my interest will push me further but when I came to know that we need to do certifications to prove our knowledge to industries, I was done. Those certifications are wayyyyy beyond my ability to pay 😢. I'm just a college student, Even if I wanted to learn, these expensive certifications are stopping me from doing so 😢.
Thanks for the video man, it’s interesting to see as someone who is just starting out. There were 2 things you said that I would like to ask about, the first is that pentesters are only brought in for regulatory stuff. What are some of the laws that pentesters are needed to help comply with? I was unaware that there were any. Second - just curious, but what is an example of an issue in a jira ticket that got escalated to an office confrontation?
Great video but you left out 2 important things get a certification speciifcally in EH first to get a good foundation and learn to seperate bs from useful info otherwise you go down a rabbit hole.
The information is out there! You just have to decide how much you want it. There are people who started out just using Kali on an old android phone cause they didn’t have a laptop. In telegram, on CZcams, all the information is out there you just have to decide how much time you want to put into it. And: if you want to work for someone else: then certs matter. But if you want to work for yourself, getting a cert can maybe help yourself understanding what you know. Just remember: There are many professors with a PhD in English, but none of them could even begin to compare to Robert Frost If I’m not mistaken, never even graduated high school.
Thanks for this, the more I deep in hacking techniques, the more overwhelming it is, and many times i just learn the technique as an algorithm, without fully understand why. Yeah, It's really important to build things to really understand why, but this helped me to deal with my impostor symdrome untill i become a really expert.
Once you get your OSCP you'll realize you're just scratching the surface but it's so awesome to keep going. Don't be afraid of failing, just don't quit
Hi there Cyber Mentor I am a new Sub ,& love your advice ,I did want to ask you can you make a video of which exactly fundamentals labs we need to do on HackTheBox or which INE labs we’d need in prior to taking on the eJPT thank you in advance if you do this 🙏🏼
First off…thank you for all of the videos, they’re awesome!!! In my current job I spend a lot of time driving so I can listen to them and try to learn something new while getting paid, woo hoo! While taking a break from learning I came across a video where a guy got a tattoo of one of your logos and got free access to all of your courses for life. Is this a real thing? If so how do you go about it, I’d definitely get a tattoo for free lifetime education!!!
Start with PJPT then PNPT. I was doing the eJPT but it was getting updated (some videos replaced) not sure it was finished getting updated yet though. Currently doing PJPT and so far so good. Honestly probably a good idea to do both before moving to the more advanced pnpt or ecpt
"Ifølge noen brukere på Reddit, spesifikt en som allerede hadde erfaring som pentester, var TCMs praktiske etiske hackingkurs ikke verdt pengene. De mente at mye av materialet overlappet med det de allerede hadde lært fra andre kilder, og at noen av labene var tidkrevende å sette opp. Aktivitetskatalogen var også utdatert!"
if you are a complete beginner with no background knowledge then yes, but if you have been learning for a year or two and you are sort of an intermediate then its unnecessary. Take my advice with a grain of salt and DYOR.
@@_DataSets_ Yes I do have knowledge about cyber security cause I'm in 5th semester of cyber sec . I know about computer networks, network security, programming with ( OOP and DSA) in c++,bash scripting, kali and nmap but I wanna learn pentesting via hands on practice .furthermore I want a tag which says I'm skilled enough for pentesting . so I was thinking of going for ejpt as it's well recognized cert .Now should I proceed with it?
@@_DataSets_ I'm not a complete beginner .I'm in 5th semester of cyber sec .I've knowledge about computer networks, network sec, programming (oop and DSA) in c++,bash ,kali and nmap.But I wanna learn pentesting with hands on practice.furthermore I want a tag which says I'm skilled enough for this role .So I was going for ejpt.should I proceed with it?
How can you be a certified pro when every 30 mins there's new malicious coding popping up you never seen chat gpt has made it way too easy along with wizard payload
"🎉 Congratulations on 750k subscribers! touch of XSS humor: alert('I love PWPT!') Looking forward to diving into the world of web penetration testing with the PWPT certification. Thanks for the opportunity!"
One thing about me is I don't know anyone (friends) that have the same energy. I see people in linkedin who always achieve certs and amazing things but they are in different places(colleges or cities), I can't connect with them. But, in my college or my friends they're always surprised by my energy toward pentesting. I can't find friends like me who are motivated to learn more and more in cybersecurity. I feel like I am all alone but it's ok, I know how to live with that I understand that one day at some point in my path I will find friends who have the same energy as me.
Same here man
😢same
Same😢
Same 😢
Same here bro, I'm here if u need studybro
I joined hackers group and they told me "Hackers are people who train themselves"
how did the first hackers learn? they didn’t have cybersecurity “content creators.”
@@magicianLogician They learned by genius intellect, a holistic understanding of I.T. and creativity.
Terms and techniques like SQL injection, Local File Inclusion and Reverse Shells didn't have names and weren't taught. They were just done, copied and finally documented.
@@magicianLogician Well hacking when I was a kid was way easier. For example you could scan subnet ranges for SMB and if you knew net use you could just map the unprotected shares which were plentiful.
They read books!
@@werdna_sirthat's such a snobby, elitist response
hearing u say that first part about not understanding everything but proceeding was such a relief to here. holy shit
I think the most depressing thing about the field of Cyber is that there is a limitation to what can you learn in theory or by doing labs alone. At some point you need a personal mentor, ideally in the work context where you can work on actual projects, but with no entry level jobs anywhere I wonder how many people give up, or worse - how many get positions in dodgy online/ ransomware groups as these are the only people who want to work with you as a beginner…
I don't see a problem with ransomware groups. You gotta put the skills to test, and the more skilled you are, your chances of getting caught almost diminishes (global arrest rate for cyber crime is mere 1% and conviction rate is even lower).
Lets talk about other problems:
- Cybersecurity is always going be to the group that gets the most blame when they are trying to fix things aka you will get the most hate of all the IT groups unless you are part of are cyber focused group.
- Because cyber doesn’t make money it can be hard to justify the salaries that we make but as soon as a company is hacked these often double and triple when before they had no “budget”. We are a lost leader that constantly protects night and day but we don’t make money, we stop the bad guys from getting the money.
Exactly, never rely on your job
That's why being a gray hat is pretty justified
you all need to completely separate the mantle of 'hacker' from 'cybersecurity expert'- the latter is an insult to the former
'security' gets no respect, for a reason- most of them are phoning it in; they took some courses, got some certification, and show up to tell _actual_ 'hackers' (i.e. people with deep knowledge in their field) what the company policy says. Let's be real: they run scans and email reports- how much is that really worth?
cybersecurity doesn't fix anything: the CISO is there so that the CEO has someone to fire, when your company (inevitably) leaks data.
Thanks for the videos as the beginner I constantly feel like I don’t know what’s going on. I can’t wait for everything to click.
Yeah, it takes time, and right now I’m planning on building a server and I have VMs that I use to practice tools but all I can say is to take it slow to learn and practice even if you fail the first time. I’m also a beginner too, however, I learn from books and I had a professor who is a Pentester who told me what I needed to do.
@@Mugen_FB317 which books are you using?
"certifications are a necessary evil" harsh true
harsh “ truth “
@@danielgray1073harsh, true
Yes - but those of any real value are often only available to those who already have a security role.
Examples being CREST Registered Tester or CHECK Team Leader.
This means the path to professional pen testing might, in practice, include a step into a secops role first.
As a hiring manager of a red team, certs are one way of getting shortlisted, but a portfolio of work on open-source projects is equally useful to me.
lol sorry i'm a dick. having a bad day. been spending 5 straight years learning how to code and still no job. 1 masters degree in CS, 5 additional online courses. bound to get bitter every now and then haha. IM BROKE
@@danielgray1073 fwiw my son is in a very similar position to you, and I feel ya - it sucks AND blows all at once :/
In the corporate world, cyber and IT cost money.. they don’t make any. And it’s all about the bottom line. Harsh but true coming from someone who lives it firsthand. It will never be at the same level as the sales org, responsible for bringing in hundreds of thousands of dollars at any organization.
Having a ransomware attack is very expensive.
Great vid.
I've worked in networking for a fair few years and became interested in security. Immediately, company needed me to certify in firewall vendors.
Now, I am interested more in cyber and loving the self learning process.
This video totally solidified everything I've been thinking. 👌
Happy 750k!
Fantastic video, Alex. Thanks for the positive insights! One thing that hit home for me is how difficult pentesting can be in the beginning. I'm glad you said it gets better and more fun as time goes on, I needed to hear that :)
I love the straight-forward-ness of this video. Clear, to the point and without over-sensationalizing. Thank you.
Certification part really hit home. I'm awful at exams and I do panic thinking how am I ever going to progress. Thanks for your input!
We need group to support us beginners
Check out our Discord server! You'll probably find some folks just starting out there. discord.com/invite/tcm
I chose this domain for myself thinking the my interest will push me further but when I came to know that we need to do certifications to prove our knowledge to industries, I was done. Those certifications are wayyyyy beyond my ability to pay 😢. I'm just a college student, Even if I wanted to learn, these expensive certifications are stopping me from doing so 😢.
@@ayvid. Get a job at a company doing cybersecurity, then get them to pay for the certs. Just finished my OSCP doing this
@@GodlyTankbro chicken before the egg what are u talking about
@@bobdole6691 All you need is A+ Sec+ and Net+ to get an entry position doing cybersecurity, but I guess IT experience helps as well beforehand
Thanks for being honest about your learning experience.
You don't even know how much I needed to hear this
Really appreciate that. Thanks for dropping by.
Thanks a lot, you are so kind and I watch you as my mentor in cybersec
Really i feel 😅 Same here
In Ethical Hacking domain
Thanks, sir!!!! I’m working on improving my skills and learning to become a Pentester I was struggling but I’m not giving up!!
We're proud of you!
This was just what I needed to hear!
Great video, content and Advice.
👍👍
Thanks for the video man, it’s interesting to see as someone who is just starting out. There were 2 things you said that I would like to ask about, the first is that pentesters are only brought in for regulatory stuff. What are some of the laws that pentesters are needed to help comply with? I was unaware that there were any. Second - just curious, but what is an example of an issue in a jira ticket that got escalated to an office confrontation?
Congratulations on 750k subs ✨
It'd be really helpful if you can make a video on how to contribute in open source from the cybersec domain
Interesting idea! Will add it to the list.
Drinking from a firehose would be the most accurate description!
Great video but you left out 2 important things get a certification speciifcally in EH first to get a good foundation and learn to seperate bs from useful info otherwise you go down a rabbit hole.
It is overwhelming but cybersecurity is still my goal. However I will start from IT first and see where it gets me.
You'll get there.
Fantastic advice!
Glad you found it useful!
It feels good to hear this from a pros 🎉😊
The information is out there! You just have to decide how much you want it. There are people who started out just using Kali on an old android phone cause they didn’t have a laptop. In telegram, on CZcams, all the information is out there you just have to decide how much time you want to put into it. And: if you want to work for someone else: then certs matter. But if you want to work for yourself, getting a cert can maybe help yourself understanding what you know. Just remember: There are many professors with a PhD in English, but none of them could even begin to compare to Robert Frost If I’m not mistaken, never even graduated high school.
Thanks for this, the more I deep in hacking techniques, the more overwhelming it is, and many times i just learn the technique as an algorithm, without fully understand why. Yeah, It's really important to build things to really understand why, but this helped me to deal with my impostor symdrome untill i become a really expert.
How should I start ethical hacking as a beginner
Once you get your OSCP you'll realize you're just scratching the surface but it's so awesome to keep going. Don't be afraid of failing, just don't quit
Hi there Cyber Mentor I am a new Sub ,& love your advice ,I did want to ask you can you make a video of which exactly fundamentals labs we need to do on HackTheBox or which INE labs we’d need in prior to taking on the eJPT thank you in advance if you do this 🙏🏼
First off…thank you for all of the videos, they’re awesome!!! In my current job I spend a lot of time driving so I can listen to them and try to learn something new while getting paid, woo hoo! While taking a break from learning I came across a video where a guy got a tattoo of one of your logos and got free access to all of your courses for life. Is this a real thing? If so how do you go about it, I’d definitely get a tattoo for free lifetime education!!!
Thank you! And yes, this is a thing. Email support@tcm-sec.com to learn more about it.
Awesome, thank you!!!
State management in React? Let me know what you would want to understand.
Guys help. Should i take the ejpt or pjpt. Which is better?
Start with PJPT then PNPT. I was doing the eJPT but it was getting updated (some videos replaced) not sure it was finished getting updated yet though. Currently doing PJPT and so far so good. Honestly probably a good idea to do both before moving to the more advanced pnpt or ecpt
"Ifølge noen brukere på Reddit, spesifikt en som allerede hadde erfaring som pentester, var TCMs praktiske etiske hackingkurs ikke verdt pengene. De mente at mye av materialet overlappet med det de allerede hadde lært fra andre kilder, og at noen av labene var tidkrevende å sette opp. Aktivitetskatalogen var også utdatert!"
"There is no certification leaderboard." oof.
being less salty in tickets...oh boy😆
Should I go for ejpt?
i think it s good for beginer for pentesting porpuses.
I am going for it
if you are a complete beginner with no background knowledge then yes, but if you have been learning for a year or two and you are sort of an intermediate then its unnecessary. Take my advice with a grain of salt and DYOR.
@@_DataSets_ Yes I do have knowledge about cyber security cause I'm in 5th semester of cyber sec . I know about computer networks, network security, programming with ( OOP and DSA) in c++,bash scripting, kali and nmap but I wanna learn pentesting via hands on practice .furthermore I want a tag which says I'm skilled enough for pentesting . so I was thinking of going for ejpt as it's well recognized cert .Now should I proceed with it?
@@_DataSets_ I'm not a complete beginner .I'm in 5th semester of cyber sec .I've knowledge about computer networks, network sec, programming (oop and DSA) in c++,bash ,kali and nmap.But I wanna learn pentesting with hands on practice.furthermore I want a tag which says I'm skilled enough for this role .So I was going for ejpt.should I proceed with it?
state management is not hardddd
How can you be a certified pro when every 30 mins there's new malicious coding popping up you never seen chat gpt has made it way too easy along with wizard payload
What about blueteams?
We can do another video about that in the future since we have a dedicated blue team content creator on staff now!
Another good and positive video !
This man is so beautiful. I want to put my face next to the arch of his foot!
"🎉 Congratulations on 750k subscribers!
touch of XSS humor:
alert('I love PWPT!')
Looking forward to diving into the world of web penetration testing with the PWPT certification. Thanks for the opportunity!"
Happy 750K Subs 🥰.
Lets see if we can grab a (free) voucher for PWPT.
Thanks,
@MuslimFromPK