September 21, 2021

Mentorship Monday

This is the weekly thread for career and education questions and advice. There are no stupid questions; so, what do *you* want to know about certs/degrees, job requirements, and any other general cybersecurity career questions?

Additionally, we encourage everyone to check out [Questions]( posted in the last week and see if you can answer them!



Hello, I’m new to the cyber security sector but I have been doing some python coding and data analytics on the side (hobby picked up during the pandemic). I’m currently looking into switching into the cyber security profession. I currently have a Master’s Degree (in Kinesiology, athletic training specifically 8+ years working experience) and I’m curious as what the best route would be for me to get into the profession. As of now, I see 3 different routes and need some help choosing what one is the best for me.

I could go back to school and get another BS or MS.

1. Cost seems similar to a boot camp
2. Time seems to be longer than a bootcamp


1. Jobs seem to state “bachelor’s or 4 years of equivalent experience”
2. Questionable in some of the knowledge/integrity of the programs


1. I saw that the CompTia Security+ and Network+ come with a study package as well as 2 chances to take the exam
2. Much cheaper than bootcamp/degree
3. Could be shorter time depending on personal study habits/commitments

I guess the main question I have to this, is there much difference in the ability to attain a job after doing one of these? It seems the cert route would be the fastest and most cost effective, but without experience and degree, would I be able to get a job easily? The bootcamps seem costly but quick, some have a “job guarantee”, which fine print really shows its not a guarantee. The degree seems like a solid route, but would I be behind new grads with a degree?

tl;dr – Is it easier to get a job with just certifications, degree, or bootcamp?

Thanks ahead of time.


Howdy neighbors. Been in the helpdesk/IT admin role for over 10 years now. Looking for something different to get into.

Became the head IT gancho this year for my company because i wanted to get away from being tier 1/2 support and I thought this is what I wanted. Quickly realizing I don’t wanna do this long term. Of course, might just be our setup here. Even though I’m the IT admin, I’m still doing tier 1/2/3/4/5/etc support. We just have the one IT admin (me) for 3 offices and I’ll eventually get someone working under me (hopefully) to help out. So it’s just me handling everything. Yay.

Anyways, I was hoping to get more into security side of things, which I can do at my company but I have too many hats to wear to focus on that unfortunately. I have my CySA+ and CISSP, but don’t really have much opportunity to focus on security skills with my job at work other than just maintaining firewalls, making sure things are patched and updated, disabling user accounts…the usual stuff. I try and do some self study here and there. I have been looking into maybe going for more of a consulting role instead. Perhaps even doing some GRC consulting or something similar.

Any advice for a soon-to-be-sysadmin-burnout?


So I’m just starting out in the space, spent a number of years working as a data analyst and doing some data engineering work, but completely self-taught. I’m currently in school in a CS program, but there’s not a lot on offer for security classes so trying to figure out how to build up that experience etc. I also found that I learn a lot more when I’m on the job and have actual work to do, but not finding many options for internships/part-time work. They all seem to require all this experience that I don’t have and I don’t know many of the concepts they reference either. I also looked at some things tangentially related like sys admin, but again couldn’t find anything for more junior people.


Can someone advice me for Security Analyst vs Security Engineer in terms of
1. The role? (I believe I roughly know what the 2 does)
2. 5 years later, what are the opportunity and roles I’ll be available to get? And will this be higher or lower demand?


Which SANS course/GIAC exam I should take next (paid for)?

I just passed my GSEC and am currently studying for the GCIH. I’m not in a security position (yet!) but come from a system admin background (3 years). I find myself oscillating between red and blue teams almost by the day (CTFs are fun but also tracking an incident was exciting too). I would love some insight on how you’ve chosen which “team” to be a part of and/or if you’ve taken any of the following SANS courses, what you thought about the course(s) and how has it helped your career.

* SEC501: Advanced Security Essentials, Enterprise Defender (GCED)
* SEC503: Intrustion Detection In-Depth (GCIA)
* SEC504: Cloud Security and DevOps Automation (GCSA)
* SEC542: Web App Pen Testing and Ethical Hacking (GWAPT)
* SEC560: Network Pen Testing and Ethical Hacking (GPEN)

Thanks for reading! Any advice is welcome


Is it reasonable to expect a fresh cyber grad to get a permanent work from home accommodation at their first job if they are disabled? If so, what would that look like?


I am looking for some mid career advice. I was wondering how to get hired onto some of the top tier red teams like the AWS red team? I have industry experience (6 years), some certifications (OSCP, CISSP, Sec+, …), I practice on HTB frequently (Elite Hacker), and a veteran background. I’m currently working towards OSWE. I tried submitting a few applications but they seem to get ignored. I also reached out to recruiters but they don’t seem to message me back. I don’t have connections there so I’m not sure what else I could do. Any thoughts or suggestions?


Going into a DOD branch like the navy?/air force for experience/ security clearances?


Best certs for “entry level”?

Also best study materials for CySA+?

Thanks in advance!


Best computer to start in the industry? Currently own M1 mini


Hi Everyone, i couple of month i start cybersecurity, training in site like Tryhackme & EDX.

My doubt, how you keep updated with articles about new tools, trainings or malware, like virus, ransomware, etc.?

Do you recommend a newsletter, site to keep updated?, i know alienware and think Mitre also have one.

Thanks in advance.


I have a question, so I will be graduating with a BS in criminal justice next may but I am realizing I actually want to go into the cyber security field. Is a crim jus degree even remotely beneficial?


Hi, I recently just got my first job in Info Security which is great, but I’m struggling to figure out where I should go next. I just finished a bachelor’s degree in music and recently completed my Security+ certification as well. I have a pretty strong coding background as well. Is it worth going back to school to get another bachelors or maybe a masters? or am I better off getting experience and working towards new certifications? Thanks


I am just starting with this journey, I am trying to get really into this. Does anyone have good tips, suggestions, software, languages, or certifications that would help me out? Also, what software is most known for cybersecurity.


Can anybody suggest me a good resource for IT Risk Management and IT procurement specifically for FintEch. Thanks.


I just start in this journey, what do you recommend me to follow for start ? INE Starter pass or TryHackMe paths ? (And do THM Sub is worth it ?) Thanks


Is there an industry standard way to list certifications?

For instance, the AZ-500 Microsoft Certified Azure Security Engineer Associate

How do you folks list it?


Hello guys
I just attended the Faculty of Computer Science, I am planning to be a cyber security engineer, I want tips from you like where to start self-teaching, I absolutely do not have any experience in this field and I just signed up for cs50, what to do after cs50?


Hi all, I recently started a new role as a Trainee Information Security Analyst, coming from an IT Support background. I was wondering if you guys had any book recommendations that may be beneficial for my learning? Whatever will grow my knowledge the most – especially in the various types of threats that exist.


Are there any tips you would give to somebody who wants to get a start in the IT world but trying to study A+ & Security + with just Youtube videos is way too hard for me. I’m trying to make something of myself. my folks are getting old and it’s been like 5-6 years passing me by and me trying to convince myself i’ll get to it.




Hey all-

I’m a senior at a small state college expecting to graduate with a degree in cybersecurity in may. My degree is super new at the college, and I honestly havent learned much since the courses arent in depth since theyre so new. What are some things I should be expected to know for an entry level job in cyber?


what areas of cyber do u recommend avoid/find boring and what do u think is interesting and is the future in security?


Are there any resources for those of us that want to focus on the GRC/RMF branch within cybersecurity? I’ve been looking around but have found no solid advice for resources.


What are some good resources on social engineering/social engineering defences?

There are a lot of “hyped-up” books without many sources or theory, I’m looking for something sort of “fundamental”? if it exists, like Kernigan and ritchie is for C.

Is there a better place to ask this?


About how far in advance should I start applying for jobs? I am a senior at my uni and will be graduating the following, May 2022.


How do I know when I am ready for the sec601+ test? I have watched messer’s stuff twice, re-read one of the sybex books and studied messers notes. I feel pretty good with the basics, but sometimes I see practice questions that feel levels higher than what I know. I really dont want to fail and lose the money.

To use a metaphor, I know the ABCs, but sometimes I see test questions that feel like phd level english questions.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.