- Are you struggling with the lack of responses, confusing job requirements, or constant rejections that don’t give real feedback? - Do you feel like the hiring process has become messy, slow, or flat-out inconsistent? - What’s one thing you wish companies would fix to make the process fair and actually useful for candidates? Drop your answer below. Someone else in the group is dealing with the same thing, and your perspective might help them.

For me, the one that really made me pause was: “Tell me about the worst incident you handled. Walk me through what you did from the moment it started until it was resolved.” It wasn’t about theory. They wanted to see how I actually think when things get messy, how I break down an investigation, and where my real hands on experience shows up. Now I’m curious! - What question caught you off guard or made you stop and think? Drop yours below.

I’m curious how everyone here puts their labs together. Some people keep it simple, others go all-in with a full mini-SOC at home. If you’ve built a SOC lab before, what did you use? - What SIEM did you go with? - Any EDR tools you liked? - Local VMs or cloud? - Any open-source tools you swear by? - Screenshots or setups you want to show off? Share whatever you’ve got. It helps the whole group see different approaches and maybe pick up a few new ideas.

Attackers are not using the same obvious scams anymore. They are getting cleverer. Their tactics are more personalized and more convincing. Some of the new attempts look nearly identical to real vendor emails, MFA prompts, or internal notifications. I want to know what you are observing. Share the strange ones, the convincing ones, and the scams that nearly caught you or your team. Just remember to remove any sensitive information before posting. - Fake MFA push floods - AI-generated emails that sound very real - Spoofed HR or payroll updates - Fake password-reset notifications - QR code phishing - Deepfake voice or video attempts - Any new method attackers are using The goal is to help everyone stay informed about what is really happening. If you’ve noticed something new or surprising, please share it below. Quiz for today? - I posted two email screenshots. One is real. One is a phishing attempt. - Your job is simple. Tell me which one is legitimate and which one is fake, and explain why you think so. Drop your answer below. Let’s see who can spot the red flags fastest.

This debate never ends, so let’s discuss it here and hear everyone’s opinions. People keep asking where to begin in cybersecurity. Some people swear by Security+, while others say ISC2 CC is the new choice. Then there are Google Cybersecurity, CySA+, cloud certs, and a variety of vendor training. Everyone has a different path. So, let’s speak honestly. If someone is starting fresh in 2025, what cert should they take first, and why? Here are some points to consider: • Security+. The classic. HR loves it. It provides a solid foundation. • ISC2 CC. Affordable. Quick. Some say it’s the new "starter cert." • Google Cybersecurity. Hands-on. Good for those who dislike dry theory. • CySA+. More advanced. Some suggest skipping Sec+ and starting here. • Cloud AZ-900 / AWS Cloud Practitioner. Cloud skills are now essential. • EDR vendor training (CrowdStrike, Sentinel One, Defender). Real tools you will actually use in a SOC. What would you recommend to a beginner in 2025, and what led you to choose your path?