One thing about me is I don't know anyone (friends) that have the same energy. I see people in linkedin who always achieve certs and amazing things but they are in different places(colleges or cities), I can't connect with them. But, in my college or my friends they're always surprised by my energy toward pentesting. I can't find friends like me who are motivated to learn more and more in cybersecurity. I feel like I am all alone but it's ok, I know how to live with that I understand that one day at some point in my path I will find friends who have the same energy as me.
@@magicianLogician They learned by genius intellect, a holistic understanding of I.T. and creativity. Terms and techniques like SQL injection, Local File Inclusion and Reverse Shells didn't have names and weren't taught. They were just done, copied and finally documented.
@@magicianLogician Well hacking when I was a kid was way easier. For example you could scan subnet ranges for SMB and if you knew net use you could just map the unprotected shares which were plentiful.
Lets talk about other problems: - Cybersecurity is always going be to the group that gets the most blame when they are trying to fix things aka you will get the most hate of all the IT groups unless you are part of are cyber focused group. - Because cyber doesn’t make money it can be hard to justify the salaries that we make but as soon as a company is hacked these often double and triple when before they had no “budget”. We are a lost leader that constantly protects night and day but we don’t make money, we stop the bad guys from getting the money.
you all need to completely separate the mantle of 'hacker' from 'cybersecurity expert'- the latter is an insult to the former 'security' gets no respect, for a reason- most of them are phoning it in; they took some courses, got some certification, and show up to tell _actual_ 'hackers' (i.e. people with deep knowledge in their field) what the company policy says. Let's be real: they run scans and email reports- how much is that really worth? cybersecurity doesn't fix anything: the CISO is there so that the CEO has someone to fire, when your company (inevitably) leaks data.
I think the most depressing thing about the field of Cyber is that there is a limitation to what can you learn in theory or by doing labs alone. At some point you need a personal mentor, ideally in the work context where you can work on actual projects, but with no entry level jobs anywhere I wonder how many people give up, or worse - how many get positions in dodgy online/ ransomware groups as these are the only people who want to work with you as a beginner…
I don't see a problem with ransomware groups. You gotta put the skills to test, and the more skilled you are, your chances of getting caught almost diminishes (global arrest rate for cyber crime is mere 1% and conviction rate is even lower).
Yeah, it takes time, and right now I’m planning on building a server and I have VMs that I use to practice tools but all I can say is to take it slow to learn and practice even if you fail the first time. I’m also a beginner too, however, I learn from books and I had a professor who is a Pentester who told me what I needed to do.
Yes - but those of any real value are often only available to those who already have a security role. Examples being CREST Registered Tester or CHECK Team Leader. This means the path to professional pen testing might, in practice, include a step into a secops role first. As a hiring manager of a red team, certs are one way of getting shortlisted, but a portfolio of work on open-source projects is equally useful to me.
lol sorry i'm a dick. having a bad day. been spending 5 straight years learning how to code and still no job. 1 masters degree in CS, 5 additional online courses. bound to get bitter every now and then haha. IM BROKE
Great vid. I've worked in networking for a fair few years and became interested in security. Immediately, company needed me to certify in firewall vendors. Now, I am interested more in cyber and loving the self learning process. This video totally solidified everything I've been thinking. 👌
In the corporate world, cyber and IT cost money.. they don’t make any. And it’s all about the bottom line. Harsh but true coming from someone who lives it firsthand. It will never be at the same level as the sales org, responsible for bringing in hundreds of thousands of dollars at any organization.
Happy 750k! Fantastic video, Alex. Thanks for the positive insights! One thing that hit home for me is how difficult pentesting can be in the beginning. I'm glad you said it gets better and more fun as time goes on, I needed to hear that :)
I chose this domain for myself thinking the my interest will push me further but when I came to know that we need to do certifications to prove our knowledge to industries, I was done. Those certifications are wayyyyy beyond my ability to pay 😢. I'm just a college student, Even if I wanted to learn, these expensive certifications are stopping me from doing so 😢.
Thanks for the video man, it’s interesting to see as someone who is just starting out. There were 2 things you said that I would like to ask about, the first is that pentesters are only brought in for regulatory stuff. What are some of the laws that pentesters are needed to help comply with? I was unaware that there were any. Second - just curious, but what is an example of an issue in a jira ticket that got escalated to an office confrontation?
Thanks for this, the more I deep in hacking techniques, the more overwhelming it is, and many times i just learn the technique as an algorithm, without fully understand why. Yeah, It's really important to build things to really understand why, but this helped me to deal with my impostor symdrome untill i become a really expert.
Hi there Cyber Mentor I am a new Sub ,& love your advice ,I did want to ask you can you make a video of which exactly fundamentals labs we need to do on HackTheBox or which INE labs we’d need in prior to taking on the eJPT thank you in advance if you do this 🙏🏼
Once you get your OSCP you'll realize you're just scratching the surface but it's so awesome to keep going. Don't be afraid of failing, just don't quit
The information is out there! You just have to decide how much you want it. There are people who started out just using Kali on an old android phone cause they didn’t have a laptop. In telegram, on RU-vid, all the information is out there you just have to decide how much time you want to put into it. And: if you want to work for someone else: then certs matter. But if you want to work for yourself, getting a cert can maybe help yourself understanding what you know. Just remember: There are many professors with a PhD in English, but none of them could even begin to compare to Robert Frost If I’m not mistaken, never even graduated high school.
Great video but you left out 2 important things get a certification speciifcally in EH first to get a good foundation and learn to seperate bs from useful info otherwise you go down a rabbit hole.
Start with PJPT then PNPT. I was doing the eJPT but it was getting updated (some videos replaced) not sure it was finished getting updated yet though. Currently doing PJPT and so far so good. Honestly probably a good idea to do both before moving to the more advanced pnpt or ecpt
First off…thank you for all of the videos, they’re awesome!!! In my current job I spend a lot of time driving so I can listen to them and try to learn something new while getting paid, woo hoo! While taking a break from learning I came across a video where a guy got a tattoo of one of your logos and got free access to all of your courses for life. Is this a real thing? If so how do you go about it, I’d definitely get a tattoo for free lifetime education!!!
if you are a complete beginner with no background knowledge then yes, but if you have been learning for a year or two and you are sort of an intermediate then its unnecessary. Take my advice with a grain of salt and DYOR.
@@_DataSets_ Yes I do have knowledge about cyber security cause I'm in 5th semester of cyber sec . I know about computer networks, network security, programming with ( OOP and DSA) in c++,bash scripting, kali and nmap but I wanna learn pentesting via hands on practice .furthermore I want a tag which says I'm skilled enough for pentesting . so I was thinking of going for ejpt as it's well recognized cert .Now should I proceed with it?
@@_DataSets_ I'm not a complete beginner .I'm in 5th semester of cyber sec .I've knowledge about computer networks, network sec, programming (oop and DSA) in c++,bash ,kali and nmap.But I wanna learn pentesting with hands on practice.furthermore I want a tag which says I'm skilled enough for this role .So I was going for ejpt.should I proceed with it?
How can you be a certified pro when every 30 mins there's new malicious coding popping up you never seen chat gpt has made it way too easy along with wizard payload
"Ifølge noen brukere på Reddit, spesifikt en som allerede hadde erfaring som pentester, var TCMs praktiske etiske hackingkurs ikke verdt pengene. De mente at mye av materialet overlappet med det de allerede hadde lært fra andre kilder, og at noen av labene var tidkrevende å sette opp. Aktivitetskatalogen var også utdatert!"
"🎉 Congratulations on 750k subscribers! touch of XSS humor: alert('I love PWPT!') Looking forward to diving into the world of web penetration testing with the PWPT certification. Thanks for the opportunity!"
