I think this the push I needed to actually do this! I've been thinking about doing it. Sucks when you know you can do the work but the fact that you don't have experience means you're nothing in the job market.
People like you get ahead of honest applicants, who chose not to lie. The fact that you have no regrets shows that you're lacking in sense or conscience.
Sadly that's what we all have to do to get started. I have been rejected many times for being honest and only when I decided that I am gonna lie about my experience I managed to get a job. Nobody cares about giving you the chance if you have no expereince.
Really great advice! This type of self-initiated planning for any job is a must for young and/or inexperienced people in today’s world arena. You show some great examples of how to do this and I am sure there are people who will become happy, successful, employed or self-employed workers due to your advice! Thank you!
You could use the first project as a SOC analyst project. Install the Elastic Stack. Configure Logstash to Process Honeypot Logs. Configure Kibana to Visualize the Data.
I love some of the ideas discussed but why is actual web application testing (QA) never discussed? Speaking from experience, there's a far greater set of skills gained from learning testing fundamentals over web dev.
This is a great video but I want to know where to start. I understand this video is general but say I don’t know how to setup/make a web app. Where would I look to start? What sources would be good to look into or repos to clone?
Some good ones would be setting up a virtual lab environment to simulate a SOC. And in that lab, deploy a SIEM (Splunk or the ELK Stack / Elasticsearch, Logstash, Kibana). Another option is Security Onion or Wazuh. There is a good series by HackerSploit on setting up Wazuh as a SIEM (czcams.com/video/Hq58_yGJwHk/video.html).A SIEM project like that would go a long way. Another project idea would be to deploy a PFSense firewall (www.pfsense.org/download) to learn how they work and how to create firewall rules. It also has built-in integrations with the Snort IDS/IPS. Also on the network side, even just deploying Snort or Suricata can be really beneficial in learning how an IPS or IDS works, and we actually cover this in the upcoming SOC 101 course. Other project ideas: To get EDR experience - look into LimaCharlie For event logging and log analysis, look into installing and configuring Sysmon or using DeepBlueCLI The best advice for doing any of these projects, is to document it somewhere. Even if it's just a blog post, or a README on GitHub. Something to document the steps you took, what your objective/goal was, any issues you ran into along the way (and how you solved them), and what you learned by completing the project.
Are you in our Discord server? Sometimes people share jobs there - would recommend checking it out! Here's a link to the server: discord.com/invite/tcm
PROT TIP:
I got m first job lying that I had 3 months of experience...
5 years after, still no regrets
I think this the push I needed to actually do this! I've been thinking about doing it. Sucks when you know you can do the work but the fact that you don't have experience means you're nothing in the job market.
People like you get ahead of honest applicants, who chose not to lie. The fact that you have no regrets shows that you're lacking in sense or conscience.
NO REGERTS
Sadly that's what we all have to do to get started. I have been rejected many times for being honest and only when I decided that I am gonna lie about my experience I managed to get a job. Nobody cares about giving you the chance if you have no expereince.
Every single one of my friends in tech have gotten their first job by lying. Except for one person who is given a chance by pwc
Really great advice! This type of self-initiated planning for any job is a must for young and/or inexperienced people in today’s world arena. You show some great examples of how to do this and I am sure there are people who will become happy, successful, employed or self-employed workers due to your advice! Thank you!
Love it, what about projects for SOC analyst since this is great for an entry level jobs in cybersecurity
You could use the first project as a SOC analyst project. Install the Elastic Stack. Configure Logstash to Process Honeypot Logs. Configure Kibana to Visualize the Data.
We outline a few ideas in this livestream recording with Andrew Prince aka our Blue Team Content Creator! czcams.com/users/liveEECmpBBbn5Y
Nice content! The funny thing is: Building a Honeypot is quite similar from creating a CTF.
Thank you so much.
I love some of the ideas discussed but why is actual web application testing (QA) never discussed?
Speaking from experience, there's a far greater set of skills gained from learning testing fundamentals over web dev.
Thank you 😊👏
Hey, any ideas on the honeypot project?
This is a great video but I want to know where to start. I understand this video is general but say I don’t know how to setup/make a web app. Where would I look to start? What sources would be good to look into or repos to clone?
Any projects that would help one who is trying to break in a SOC environment?
Some good ones would be setting up a virtual lab environment to simulate a SOC. And in that lab, deploy a SIEM (Splunk or the ELK Stack / Elasticsearch, Logstash, Kibana).
Another option is Security Onion or Wazuh. There is a good series by HackerSploit on setting up Wazuh as a SIEM (czcams.com/video/Hq58_yGJwHk/video.html).A SIEM project like that would go a long way. Another project idea would be to deploy a PFSense firewall (www.pfsense.org/download) to learn how they work and how to create firewall rules. It also has built-in integrations with the Snort IDS/IPS.
Also on the network side, even just deploying Snort or Suricata can be really beneficial in learning how an IPS or IDS works, and we actually cover this in the upcoming SOC 101 course.
Other project ideas:
To get EDR experience - look into LimaCharlie
For event logging and log analysis, look into installing and configuring Sysmon or using DeepBlueCLI
The best advice for doing any of these projects, is to document it somewhere. Even if it's just a blog post, or a README on GitHub. Something to document the steps you took, what your objective/goal was, any issues you ran into along the way (and how you solved them), and what you learned by completing the project.
interesting content I like!!! and for ethical hacker projects??? THANKS
Hello sir, I'm interested and want to switch to cybersecurity field.. can you please explain the roadmap in your next video?
Hey! We're going to update this video for 2024, but this still has some solid pointers. czcams.com/video/4JZjj_H4ei4/video.html
Hi Sir can you suggest some good companies on where to apply for pentesting jobs around new york? Thank you very much would greatly appreciate it
Are you in our Discord server? Sometimes people share jobs there - would recommend checking it out! Here's a link to the server: discord.com/invite/tcm
Make ctf videos
Pretty sure they did.
Edit they did check like 3 months back in videos.
Here's a recent one we did: czcams.com/video/8QCWgMrqrFk/video.html
@TCMSecurityAcademy yep there it is. Thanks big bro.
1.25x is good, but you could listen to this at 1.5x pretty easily if you wanted
Who is become a ethical hacker..? First me 🖐️
First comment
Second
Fourth comment
Third comment
Fifth comment