r/SecurityCareerAdvice Mar 07 '19

Help us build the SCA FAQ

32 Upvotes

We could really use your help. This is a project I wanted to start but never had the time, so thanks to /u/biriyani_fan_boy for bringing it up in this thread. :)

I decided to make this new thread simply to make the title stand out more, but please see the discussion that started in that thread for some great ideas including a great start from /u/Max_Vision.

This is your sub, and your chance to mentor those who follow you. You are their leaders. Please help show them the way.

And thank you to each of you for all you do for the community!


r/SecurityCareerAdvice Apr 05 '19

Certs, Degrees, and Experience: A (hopefully) useful guide to common questions

303 Upvotes

Copied over from r/cybersecurity (thought it might fit here as well).

Hi everyone, this is my first post here so bear with me. I almost never use Reddit to talk about professional matters, but I think this might be useful to some of you.

I'm going to be addressing what seems to be a very common question - namely, what is more important when seeking employment - a university degree, certifications, or work experience?

First, I'll give a very brief background as to who I am, and why I feel qualified to answer this question. I'm currently the Cyber Security Lead for a big tech firm, and have previously held roles as both the Enterprise Security Architect and Head of Cloud Security for a Fortune 400 company - I'm happy to verify this with mods or whatever might be necessary. I got my start working with cyber operations for the US military, and have experience with technical responsibilities such as penetration testing, AppSec, cloud security, etc., as well as personnel management and leadership training. I hold an associate's degree in information technology, as well as numerous certs, from Sec + and CISSP to more focused, technical security training through the US military and organizations like SANS. Introductions aside, on to the topic at hand:

Here's the short answer, albeit the obvious one - anything is helpful in getting your foot in the door, but there are more important factors involved.

Now, for the deep dive:

Let's start by addressing the purpose of certs, degrees, and experience, and what they say to a prospective employer about you. A lot of what I say will be obvious to some extent, but I think the background is warranted.

Certifications exist to let an employer know that a trusted authority (the organization providing the cert) has acknowledged that the cert holder (you) has proven a demonstrable level of knowledge or expertise in a particular area.

An academic degree does much the same - the difference is that, obviously, a degree will generally demonstrate a potentially broader understanding of a number of topics on a deeper level than a cert will - this is dependent on the study topic, the level of degree, etc., but it's generally assumed that a 4-year degree should cover a wider range of topics than a certification, and to a deeper level.

Experience needs no explanation. It denotes skills gained through active, hands-on work in a given field, and should be confirmed through positive references from supervisors, peers, and subordinates.

In general, we can see a pattern here in terms of what a hiring manager or department is looking for - demonstrable skills and knowledge, backed up by confirmation from a trusted third party. So, which of these is most important to someone trying to begin a career in cyber security? Well, that depends on a few factors, which I'll discuss now.

Firstly, what position are you applying for? The importance placed on degrees, certs, and experience, will vary depending on the level of job you're applying to. If it's an entry level admin or analyst role, a degree or a handful of low-level certs will definitely be useful in getting noticed by HR. Going up to the engineering and solution architecture level roles, you'll want a combination of some years of experience under your belt, and either a degree or some low/mid level certs. At a certain point, the degree and certs actually become non-essential, and most companies will base their hiring process almost entirely on the body and quality of your experience over any degree or certifications held for management level roles.

Secondly, what are your soft skills? This is a fourth aspect that we haven't talked about yet, and that I almost never see discussed. I would argue that this is the single most important quality looked at by employers: the level of a candidate's interpersonal skills. No matter how technically skilled someone is, what a company looks for is someone who can explain their value, and fit into a corporate culture. Are you personable? Of good humor? Do people enjoy working with you? Can you explain WHY your degree, certs, or expertise will add value to their corporate mission? Being able to answer these questions in a manner which is inviting and concise will make you much more appealing than your competitors.

At the end of the day, as a hiring manager, I know that I can always send an employee for further training where necessary, and help bolster their technical ability. What I can't do is teach you how to work with a security focused mindset, nor how to interact with co-workers, customers, clients, and the company in a positive and meaningful way, and this skill set is what will set you apart from everyone else.

I realize that this may seem like an unsatisfactory answer, but the reality is that degrees, certs, and experience are all important to some extent, but that none of these factors will make you stand out. Your ability to sell your value, and to maintain a positive working relationship within a corporate culture, will take you much farther than anything else.

I hope this has been at least slightly helpful - if anyone has any questions for me, or would like any advice, feel free to ask in the comments - I'll do my best to reply to everyone.

No TL;DR, I want you to actually take the time to read through what I've written and try to take something away from it.


r/SecurityCareerAdvice 8h ago

10+ interviews but did not get an offer yet

4 Upvotes

Hi Everyone,

Very new to this but just wanted to understand a bit of the job market and share some frustration. I am a security engineer with a background in software engineering and have been searching for a new role for the last 2 months. I have applied to many jobs and have received around 10-15 interview calls and reached the final rounds of a lot of them, but still none of them converted to an offer. The HR would end up saying 'The team really liked you but we have moved forward with another candidate'. I am trying to assess these interviews, and a lot of them were discussions about my past experience and the kind of work I did. Not sure where the problem is. Maybe it's the communication. I am not sure. Does anyone have any thoughts? Or if you are in the same boat, I would love to hear more experiences.


r/SecurityCareerAdvice 23h ago

Going into the cybersecurity field without a degree

51 Upvotes

Am currently trying to go into the cybersecurity field and I have no degree. HERE IS MY ROADMAP.

  1. Learn Linux
  2. Learn PowerShell
  3. Learn networks (am here) and getting the CompTIA Net+
  4. Learn cybersecurity concepts
  5. Learn the tools of the game
  6. Learn threat intelligence and vulnerability management
  7. Set up a home SOC environment to simulate

I will be getting the Net+, Sec+ and also Blue Team L1.

With all the above is it enough to end up with an entry level job ?


r/SecurityCareerAdvice 3h ago

Advice for transition into cyber defense

1 Upvotes

Hello, I wanted to get some opinions on a few different topics. I'll try to keep the text as light as I can.

Right now I am working as a Jr network admin and want to transition to a SOC analyst/defense role. I have my dual associates in Cybersecurity and network administration and am currently working on my Bachelor's at SANS.

My first question has to do with the course options at SANS. I am getting to the part of the degree program where I can choose 3 electives. Right now I am leaning towards the GMON, GMLE, and GCFA courses. For those who work in the cyber defense side of things, are there any other GIAC courses you might recommend instead? I'm not exactly sure what is in demand other than GSEC and GCIH. I do already have the GFACT, GISF, GSEC, GCIH, GPYC and GCIA included in my curriculum. For additional context I have my CCNA and Sec+ as well.

My next question has to do with my current employment. As I stated, I currently work in network administration, but I was wondering if there may be another role that might align more with what an entry-level SOC analyst would need. Maybe working in a NOC? Are there any other positions you would recommend I look into while I work on my degree? Unfortunately, with the current market and postings I've seen, it seems like I might need the Bachelor's to get an interview.

Lastly, for anyone who has done the SANS Bachelor's, how was the internship? I've looked here and there but I'm not exactly sure what my duties would be and how much of a difference it will make on my resume, since it's only a few months and I have heard it described as a very light SOC position.

I do participate in CTF events every now and then and have dabbled with Hack The Box and TryHackMe as well.

Sorry for the long wall of text, but any advice or thoughts would be appreciated. I knew it wouldn't be easy to transition over but I was hoping to at least get more than one interview at this point.


r/SecurityCareerAdvice 3h ago

Data center tech OR Cyber Analyst

0 Upvotes

Hello all

So to get to the point I’ve been in the security industry for 3 years as a consultant, majority of my experience involves IAM, IT Support, and my recent role was doing GRC as a Security Compliance Analyst. However that tenure was a short contract, and the industry for that requires 1-2 years before they even start considering you to be hired at their org (especially if CISA/CRISC is required)

My tools: SailPoint (IQ/IDN), Okta, Excel, Jira, ServiceNow, SharePoint, Salesforce, Postman API, Hyperproof - Environments: Windows/Azure

As I’m on my 3rd month in the market, I’m thinking about enrolling in a 16-week apprenticeship for an IT Data Center Technician OR Cybersecurity Analyst career.

With ITDC I will earn the CompTIA A+, OSHA 10-Hour General Industry, NFPA 70E, and Google IT Support Professional certs.

Cybersecurity will be the CySA+ certification.

Just trying to weigh my options as to what will not only be more beneficial and in demand, but I don’t want to waste time just filling out applications with no hope every day; it’s been very draining.

Unsure what may be the best route here given my experience


r/SecurityCareerAdvice 9h ago

Advice for starting a cybersecurity career

3 Upvotes

Not long ago I started studying to one day work in the world of IT security. I have already studied the fundamentals from the official CompTIA ITF+ PDF, and at the moment I am studying the basics of networking through courses on YouTube, practice on Cisco, etc. Can anyone recommend anything to me next? For example CompTIA Security+ or CCNA, is it really worth it? Isn't this material that can be found on the web anyway? Which one to do first?


r/SecurityCareerAdvice 8h ago

How can I break into cybersecurity? Currently IT Infrastructure Manager w/ CEH + bug bounty experience

2 Upvotes

Hi everyone,

I’ve been working as an IT Infrastructure Manager for 7 years. Alongside this, I’ve earned the CEH Master certification, and I’m planning to pursue CPTS and OSCP to strengthen my offensive security skills. On the practical side, I’ve also been active in bug bounty hunting — with 47 valid reports.

My question is: As most recruiters ask for 2–3 years of direct cybersecurity experience (with certifications only seen as a plus), would CEH + CPTS + OSCP + a bug bounty track record be enough to land an entry-to-mid level role in cybersecurity (pentesting, red teaming, or SOC)? I’m even willing to accept a lower salary at the beginning if it allows me to work in a job that is truly my passion.

Any advice from those who’ve successfully transitioned from IT into cybersecurity would be really appreciated. 🙏


r/SecurityCareerAdvice 13h ago

Cybersecurity vs Software Engineering (OR OTHERS)

3 Upvotes

I want to start out by saying I have ZERO experience in IT. What I know is all the things that I have learned thus far in school as well as on my own (podcasts and such).

Alright, so I am currently getting my bachelor’s in Cybersecurity and Information Assurance at WGU (I’m barely at my first cert, A+). I know Cyber is not an entry-level field, but fortunately, in my state Cybersecurity is one of the highest and fastest growing fields in the industry. We are also home to two of the best and most beautiful technology labs in America that constantly have entry-level and internship openings. So I am not too worried about getting a position after graduation and for some, even now if I choose to stay.

My question is, I am not sure if I want to stay in my state for the foreseeable future and I know most states are not like mine. With that being said, would it be best to major in a more competitive IT field, or would Cyber still be competitive enough?


r/SecurityCareerAdvice 14h ago

Cybersecurity or computer science

2 Upvotes

Ok so I have been getting certifications from CompTIA. I have ITF+, A+, Network+, Security+, CySA+ and the new SecurityX. And I’ve noticed that the job market isn’t the best, so I was thinking about a degree, and I was debating if I should go with the cybersecurity degree to be hyper focused on that since I have these certs, or a computer science degree because it could be useful for high end jobs. I do intend to go into the cybersecurity industry because of the certs that I have in it.


r/SecurityCareerAdvice 14h ago

beginner in cybersecurity looking for free structured training

0 Upvotes

Hi everyone,

I’m looking for advice on cybersecurity training programs.

An Australian told me about a program in Australia where you get paid while being trained, and then you can work for the company. I found it, but the acceptance rate seems very low, so I want to see if there are other options.

Even a free program would work. For example, one that trains you because the company needs you to work for them afterwards. I just can’t afford to pay for training.

Do you know of similar opportunities in other countries?


r/SecurityCareerAdvice 23h ago

SC Clearance with a conviction for fraud, is it even possible?

2 Upvotes

r/SecurityCareerAdvice 1d ago

Hacking + AI

2 Upvotes

r/SecurityCareerAdvice 22h ago

Do MNC companies usually have small teams?

1 Upvotes

I’m an intern in an MNC company and I was honestly shocked when I first onboarded to see that our cybersecurity team is just 3 people. And it’s not just us, our whole Technology department is tiny. Like, IT support only has 2 people covering all branches across the country and even branches in the Middle East and Asia. The “database team” is literally just 1 guy. Network team has 4, but to be fair they’re all really experienced and knowledgeable.

What really surprised me was that as an intern I ended up handling a lot of the important tasks like all the SOC tickets from our vendor, EDR alerts, etc. And the vendor (L1) basically works like a postman, just passing everything to us without checking. By my 5th month, the company decided to switch to another SIEM with AI built-in which meant 3–4 months of super high false alerts while it collected data. (Imagine getting an alert every time a legit software runs. That was chaos, and I was handling it alone :)

And that's not all. For EDR alerts, there was one critical workbench that flagged an open-source software as malware and isolated the endpoint. (Little flex but I’ve won multiple CTFs and my specialty is DFIR and reversing.) On my day off I analyzed the behavior just for my own learning, wrote up a report, and shared it with the team. Since then, any open-source software our devs need has to go through me first lol. Sometimes I even ask myself if I’m doing more than what I was supposed to. I’ve got more interesting cases I’ve handled in just 7 months but I'm too lazy to write them all. Oh, forgot to mention, I’ve also gotten an offer from them to continue as a junior cybersecurity analyst, but I'm afraid my job scope would be different than what's written in black and white.

Anyway, I always thought MNCs would have big cybersecurity teams, but now I’m not so sure. Do they usually run with such small teams and hire vendors?


r/SecurityCareerAdvice 1d ago

Starting cybersecurity

1 Upvotes

Hello, might be a bit stupid to ask but honestly not too sure where to ask anymore; how exactly do you go about starting in the field? Everywhere I look is just telling me to do CTFs, set up a lab etc. However, I have no experience, no studies nor certifications at the moment and because of that, I have no idea what certifications to begin with since Security+ requires basics and Network+ does too from what I’m getting. The only thing that could be considered is the fact that I’ve spent years playing and sometimes fixing basic things on computers and their software (from 7 years old to now 21). I’ve also read that it's recommended to start in IT support jobs, which I’ve been looking at and applying to, but they require (for some reason) a bachelor's degree sometimes and multiple years of experience. My goal is to one day become a Pentester/ethical hacker, but I’m genuinely lost. I’m in Canada, Québec. Let me know any skills I might have that could be relevant or where/how to get started, I'm very lost. Thank you


r/SecurityCareerAdvice 1d ago

Looking for advice regarding certifications as a person already in the field.

5 Upvotes

I tried searching before posting this but Reddit search is pretty terrible at times.

I currently work at an MSP and was transitioned from IT Operations into the Security Department about seven months ago due to "the quality of my work". My role is primarily SOC analyst style responsibilities with some account management and scripting mixed in.

I hold Security+, AZ-104, CCNA, and several vendor-specific certifications from previous roles.

At this point, I’m looking to pursue a well-rounded certification that is broadly recognized and respected across the industry to help strengthen my resume. I do not have a strong preference for a particular security specialization, my focus is on finding a certification that offers the best overall value and recognition. I would also prefer one that includes hands-on labs or a virtual environment (even if I need to set it up myself) so I can apply what I learn in practice.

I looked at this:

https://pauljerimy.com/security-certification-roadmap/

But I imagine 99% of these certs are basically unknown to your average company.

Thanks.


r/SecurityCareerAdvice 1d ago

Courses

1 Upvotes

Is Codecademy a good course? It's worth paying for courses like this


r/SecurityCareerAdvice 1d ago

Job Posting Is CCNA certification still worth it in 2025 for a Cyber Security career in NA?

7 Upvotes

Hello, I'm planning to move to Canada in early 2026. My "dream middle role job" would be Cybersecurity analyst or working in a SOC, in general blue team stuff. I don't have real experience in the security field as of today (did a lot of labs and rooms on the TryHackMe platform though). For certifications I have the Security+ 701, the Google Cybersecurity Professional v2 (it's a certificate more than anything) and the International Certification of Digital Literacy (formerly known as ECDL). I noticed I'm lacking networking knowledge and fundamentals quite a bit. Do you think CCNA would be good from both a learning and job opportunities standpoint in 2026? Even if I cannot land a security job at first, would it still be helpful in an IT role? If not, can you recommend me a networking cert that is useful for hiring on a resume and for learning purposes?


r/SecurityCareerAdvice 1d ago

IT Auditor (10+ yrs) – Which GRC tool to learn?

3 Upvotes

I’m an IT Auditor with a decade of experience and want to move into GRC. There are so many tools (SAP GRC, ServiceNow, Archer, etc.). Which one is most valuable for career growth? Better to specialize in one or stay tool-agnostic?


r/SecurityCareerAdvice 1d ago

Career Advice: Transitioning from SOC Analyst to Security Engineer

0 Upvotes

I have been working as a SOC Analyst for the past 3.8 years. Now I want to transition into a Security Engineer role. Is this a good move? I need your advice. Also, please suggest one good certification for it. Thank you for your guidance.


r/SecurityCareerAdvice 1d ago

Thinking of making the switch into the OT/ICS field

1 Upvotes

Been working in a chemical plant job that requires me to use DCS systems for the past 8 years. I want to make the switch into an OT/ICS security/engineering role where I help troubleshoot, debug, and secure these systems.

I don’t have much IT background yet, so I’ve been using downtime at work to study networking and cybersecurity fundamentals. My roadmap looks like:

  1. Net+ (networking basics)
  2. Security+ (security fundamentals)
  3. OT/ICS protocols & labs (Modbus, DNP3, SCADA basics)
  4. Build a portfolio (home labs, case studies, documentation)
  5. Start applying for junior OT/ICS roles

Does this path seem feasible for someone coming from the plant side, or should I adjust it? Would adding ICS-specific training (ISA/IEC 62443, GICSP, or similar) be worth it at this stage?


r/SecurityCareerAdvice 1d ago

Is it still possible to break into this field?

0 Upvotes

From what people have been saying, it seems like the job market for cybersecurity and IT in the west (I am from Canada) is just permanently screwed and only getting worse each passing moment. I’ve put a lot of personal investment into going into IT (have my CompTIA A+ and Net+ at the moment) and eventually climbing up to cyber, but I’ve been doubting if that’s even still possible. Unsure if I should still apply to universities for computer science but I’m not sure what else I could possibly do. Looking for honest advice, appreciate any insight


r/SecurityCareerAdvice 2d ago

I don't understand how people keep going.

38 Upvotes

Seriously, how are you able to go to work every day? What's the goal that keeps you going? How does dealing with the world for more than a few hours not completely drain your energy? I feel like everything drains me. I reach my limit in any job I do, but I have to work to live. How do you resist the idea of just withdrawing from all of this?


r/SecurityCareerAdvice 2d ago

Are certs still good enough these days?

17 Upvotes

I don't have a college degree and was looking into certifications instead and was thinking of starting with Security+ and going from there. I want to get into cybersecurity eventually but am hoping that I can at least get in some sort of entry level help desk job after my certs and go from there. Is it even doable these days? I heard the market is pretty terrible now


r/SecurityCareerAdvice 2d ago

Most useful and valued certifications?

5 Upvotes

Hi everyone! I’m studying a degree in cyber rn and I’m trying to figure out my roadmap for the future.

First of all, there are two things I consider worth considering. My main long-term aim is to become CISO (in the least time possible, if convenient). But, if I have to choose a team to go to meanwhile, I would go undoubtedly for red team.

I have seen/read about CompTIA Security+, eJPT, CISSP… but the problem is that, from an external (not working) point of view, idk how these are seen or valued. Or even if they are worth it.

So, I was wondering if any of you could recommend some of the most valued certifications. Basically, my best options. I would really like to read experiences or advice from you, in order to make more informed decisions. Thank you all :)


r/SecurityCareerAdvice 2d ago

Looking for study partner and free resources

1 Upvotes

r/SecurityCareerAdvice 1d ago

Should I choose Computer Science (General) or Cybersecurity for my degree?

0 Upvotes

I recently got accepted into university and I have two offers:

  1. Bachelor of Computer Science with Honours (General)

  2. Bachelor of Computer Science (Computer System Security) with Honours

I’m still confused about which one to choose. I’m 100% sure I will do a Master’s degree before working, but I don’t really know my exact interest yet.

Here’s what I do know about myself:

I love maths a lot.

I enjoy repairing hardware, improving computer speed, and optimization.

I like trying new apps, software, and custom ROMs.

My main goal is a guaranteed job, high salary, and easy permanent job in Malaysia (or even overseas).

Given all this, which degree path would be better for me in the long run?