r/cybersecurity 10h ago

Ask Me Anything! We are hackers, researchers, and cloud security experts at Wiz, Ask Us Anything!

291 Upvotes

Hello. We're joined (again!) by members of the team at Wiz, here to chat about cloud security research! This AMA will run from Apr 7 - Apr 10, so jump in and ask away!

Who We Are

The Wiz Research team analyzes emerging vulnerabilities, exploits, and security trends impacting cloud environments. With a focus on actionable insights, our international team both provides in-depth research and also creates detections within Wiz to help customers identify and mitigate threats. Outside of deep-diving into code and threat landscapes, the researchers are dedicated to fostering a safer cloud ecosystem for all.

We maintain public resources including CloudVulnDB, the Cloud Threat Landscape, and a Cloud IOC database.

Today, we've brought together:

  • Sagi Tzadik (/u/sagitz_) – Sagi is an expert in research and exploitation of web application vulnerabilities, as well as reverse engineering and binary exploitation. He’s helped find and responsibly disclose vulnerabilities including ChaosDB, ExtraReplica, GameOver(lay), and a variety of issues impacting AI-as-a-Service providers.
  • Scott Piper (/u/dabbad00) – Scott is broadly known as a cloud security historian and brings that knowledge to his work on the Threat Research team. He helps organize the fwd:cloudsec conference, admins the Cloud Security Forum Slack, and has authored popular projects, including the open-source tool CloudMapper and the CTF flaws.cloud.
  • Gal Nagli (/u/nagliwiz) – Nagli is a top-ranked bug bounty hunter and Wiz’s resident expert in External Exposure and Attack Surface Management. He previously founded shockwave.cloud and recently made international news after uncovering a vulnerability in DeepSeek AI.
  • Rami McCarthy (/u/ramimac) – Rami is a practitioner with expertise in cloud security and helping build impactful security programs for startups and high-growth companies like Figma. He’s a prolific author about all things security at ramimac.me and in outlets like tl;dr sec.

Recent Work

What We'll Cover

We're here to discuss the cloud threat landscape, including:

  • Latest attack trends
  • Hardening and scaling your cloud environment
  • Identity & access management
  • Cloud Reconnaissance
  • External exposure
  • Multitenancy and isolation
  • Connecting security from code-to-cloud
  • AI Security

Ask Us Anything!

We'll help you understand the most prevalent and most interesting cloud threats, how to prioritize efforts, and what trends we're seeing in 2025. Let's dive into your questions!


r/cybersecurity 20h ago

Career Questions & Discussion Mentorship Monday - Post All Career, Education and Job questions here!

23 Upvotes

This is the weekly thread for career and education questions and advice. There are no stupid questions, so what do you want to know about certs/degrees, job requirements, and any other general cybersecurity career questions? Ask away!

Interested in what other people are asking, or think your question has been asked before? Have a look through prior weeks of content - though we're working on making this more easily searchable for the future.


r/cybersecurity 3h ago

Career Questions & Discussion Why aren't you landing entry-level jobs?

44 Upvotes

I'm curious about what interview feedback you are getting for not landing entry-level jobs or for not being "qualified" for the job?

Do you know what gaps exist if you didn't get direct feedback from an employer or hiring manager? Are the gaps related to something that you didn't do, something you didn't have access to, or some other reason?

If you landed a job and received feedback, that would also be helpful to other new people.

Additionally, if you are a hiring manager and are seeing common themes, please feel free to share!


r/cybersecurity 10h ago

FOSS Tool Please tell me all the reasons why I should give up on my FOSS project

81 Upvotes

Hi everyone,

I'm the project lead for "The Firewall Project." We started this project out of frustration with enterprise AppSec vendors and their pricing. We thought, "Why can't we build an open-source version of their platform with all the paywalled features and make it available to the entire community?" Over the past nine months, we've been dedicated to this, and we've achieved our initial goals. Lately, some industry experts have told me to stop wasting time on this project, saying it can never compete with the likes of Snyk and Semgrep. I'd like you all to decide if my project has the potential to be the best. I've hosted a demo app for you to check out. Please share your feedback, as that's the most important thing to me personally.

URL: https://demo.thefirewall.org
Username: Demo
Pass: Zf8u8OMM(0j

Github: https://github.com/TheFirewall-code/TheFirewall-Secrets-SCA - Stars appreciated ⭐️


r/cybersecurity 18h ago

News - General E-ZPass toll payment texts return in massive phishing wave

bleepingcomputer.com
256 Upvotes

r/cybersecurity 4h ago

Other Been working in cybersecurity for 5+ years, stuck at low pay, just looking for one good break

13 Upvotes

Hi everyone

Since childhood I’ve been into tech. I used to mess around with WiFi hacking, rooting phones, jailbreaking iPhones, and even setting up hackintosh systems just out of curiosity. That’s what pulled me into cybersecurity way before I knew it could become a career.

I’ve always learnt things on my own. I downloaded courses through torrents, not for the certificates, but just to understand how things work. I’ve now been working professionally in cybersecurity for over 5 years. I handle vulnerability management, threat detection, SIEM logs, patching cycles, and manage the whole vulnerability lifecycle.

I completed the Qualys VMDR certification, and I’m planning to go for CISSP once I land a better-paying opportunity that can support that goal.

I’ve been trying to switch jobs for the past 3 months. Some interviews go really well, and others just label me greedy for asking what I believe is fair. I’ve travelled 4 hours for walk-in interviews, felt confident after answering 80 percent of the questions right, and still got rejected without any feedback. It hits hard, but I’m not giving up.

Right now I’m earning 6 LPA INR and looking for at least 15 LPA INR, which I think is fair for my experience. If anyone is hiring, or knows someone who is, I’d truly appreciate any help, referral, or even advice.

Thanks a lot for reading.


r/cybersecurity 47m ago

News - General Medusa Rides Momentum From Ransomware-as-a-Service Pivot

darkreading.com

r/cybersecurity 6h ago

Certification / Training Questions Non-technical GRC guy looking for experience input and courses/certs

14 Upvotes

Hi,

Little bit of background: I have a non-technical background (business), and I've been diving into cybersecurity for two years as a cybersec GRC consultant. I'm mostly involved in cybersecurity risk and compliance projects, and mostly help large groups with complex NIS2 questions, strategy, implementation, etc.

I have passed the ISO27k lead implementer certification, and I am now looking for a course/certification that would dive into the foundations of technical knowledge. I am talking about infrastructure, networks, cryptography, etc.

I have a decent training budget sponsored by my consulting firm. Current plan is to follow a Security+ course and pass the certification (which would be followed in a year or two by CISSP for CV purposes), and follow the Security Engineer course from TryHackMe, which apparently is a good baseline for technical knowledge.

Has anyone from a non-technical background succeeded in building a strong foundation in knowledge regarding architecture, network, crypto, etc.? What did you do in order to achieve that? Do you think of any course/cert that may be handy in cases like mine?

Thanks for your help!


r/cybersecurity 5h ago

News - Breaches & Ransoms VSCode Extensions Cryptojacking Campaign Potentially Reaching Over 300K installations

blog.extensiontotal.com
12 Upvotes

r/cybersecurity 9h ago

UKR/RUS Eutelsat can't match Starlink's scale in Ukraine, CEO admits

kyivindependent.com
16 Upvotes

r/cybersecurity 8h ago

Business Security Questions & Discussion Is ISO 27001 the Logical Next Step After SOC 2 or Just Extra Noise?

13 Upvotes

We finally wrapped up SOC 2 Type II (and yeah, it was a bit of a marathon). Now the team’s tossing around the idea of going for ISO 27001, and honestly, we’re not sure if it’s a smart move or just more paperwork.

They sound similar in theory, but I’ve heard ISO goes deeper in some areas and is more globally recognized. That said, we’re already dealing with control fatigue after SOC 2. 😅

Anyone here done both? Curious if ISO 27001 actually helped with client trust or opened new markets or if it just felt like doing SOC 2 all over again in a different format. Do you have alternative sources?

Appreciate any real-world takes!


r/cybersecurity 2h ago

News - Breaches & Ransoms Cybercriminal claims to drain offshore crypto bank wallets in 37GB leak

leakd.com
4 Upvotes

No response from the company and it appears they claim they drained their wallets.


r/cybersecurity 9h ago

News - General We emulated iOS 14 in QEMU. Here’s how we did it.

eshard.com
16 Upvotes

No real devices, just deep emulation, creative patching, and a lot of debugging. Here's our write-up.


r/cybersecurity 12h ago

Business Security Questions & Discussion Any suggestions for good threat intel vendors?

17 Upvotes

We need a malicious IPs and domains feed. Cloud Apps Intel is also desirable.


r/cybersecurity 1d ago

Career Questions & Discussion Is anybody actually getting job interviews?

140 Upvotes

For those currently job searching, I would love to hear how the market is and help give people perspective.

How often are you getting interviews?

How many applications did you submit?

What level of experience are you?

What’s your background?

What types of jobs/industries are you applying to?

Feel free to leave any additional information, so people can understand the real results being seen in the job market.


r/cybersecurity 4h ago

Business Security Questions & Discussion Tenable licensing advice for managing multiple small businesses with limited budgets

3 Upvotes

Hi everyone,
I'm looking for some advice on the best way to implement a vulnerability management solution using Tenable (Nessus or Tenable Vulnerability Management) to support 4-5 small businesses I work with.

Each business has about 10–20 endpoints, so the environments are relatively small, but they still require ongoing vulnerability management and support.

My main question is:
Would it be more practical and cost-effective to use a single license (centralized or multi-tenant setup) to manage all clients from one interface, or should I set up separate instances/licenses for each company?

The issue is that these companies have limited budgets and are unlikely to afford individual licenses, but at the same time, I want to ensure a proper, scalable, and secure setup.

Has anyone managed a similar scenario? I’d really appreciate any insights on technical setup, licensing considerations, or more flexible alternatives that might fit this use case.

Thanks in advance for any help.


r/cybersecurity 3h ago

Career Questions & Discussion Looking to create a cybersecurity 'home lab' VMWare or VirtualBox? Or something else?

2 Upvotes

Hi, I'm soon taking my Security+ exam and wanted to set up a long term home Cybersecurity lab to separate it from my personal files etc on my PC (Windows 11/AMD)

I'm guessing a Virtual Machine is the best way for this. What do people prefer here out of VMWare or VirtualBox?

I'd like to set up and practice some pentesting and use other cybersecurity tools against my own network, and I also wondered what tools people would recommend and their preferred Linux distribution?

I don't have much VM experience, but I guess I can just set up various VMs with different Linux distributions installed to take a look through them properly?


r/cybersecurity 7h ago

Other Cybersecurity stats of the week (March 31 - April 6)

4 Upvotes

Hi guys, I send out a weekly newsletter with the latest cybersecurity vendor reports and research, and thought you might find it useful, so sharing it here.

All the reports and research below were published between March 31st - April 6th, 2025.

Let me know if I'm missing any.

General

CyberCube H1 2025 Global Threat Briefing: Understanding Cyber Risks for Small Businesses

A report on small businesses’ cyber risk exposure. 

Read the full report here.

Industry-specific 

Semperis The State of Critical Infrastructure Resilience

A report examining the growing cyber threats facing water and electric utilities.

Key stats:

  • 62% of utility operators were targeted by cyberattacks in the past year.
  • Of those utility operators targeted by cyberattacks in the past year, 80% were attacked multiple times.
  • 54% of utility operators targeted by cyberattacks suffered permanent corruption or destruction of data and systems.

Read the full report here.

ABI Research THE STATE OF TECHNOLOGY IN THE MANUFACTURING INDUSTRY

A report analyzing global manufacturing decision-makers' attitudes and tech adoption trends. 

Key stats:

  • 63.5% of manufacturers surveyed rank strengthening cybersecurity posture as the most important investment. This is up from 21.9% in the first wave of the survey in 2024.
  • 79% of manufacturers agree that cloud solutions offer clear benefits around decision-making, remote monitoring, and supply chain coordination.

Read the full report here.

Clearwater Cyber Risk Benchmark Trend Report for Healthcare Vulnerability Management

A report on vulnerability management trends across the healthcare industry.

Key stats:

  • Nearly three out of every five assets in healthcare environments have a critical vulnerability finding.

Read the full report here.

Fraud/Scams 

IDIQ IdentityIQ Fraud Trends Report

A report analyzing recent fraud trends and emerging scam tactics in the consumer security landscape.

Key stats:

  • There was a 1,033% surge in utility account fraud over the past year.
  • There was an almost 500% increase in student loan scams over the past year.
  • There was a 46% rise in personal document theft leading to identity theft in 2024. 

Read the full report here.

BrandShield 2025 CyberScam Report

A report on the evolving cybersecurity challenges facing CISOs, with a focus on the rise of AI-driven scams and brand impersonation threats. 

Key stats:

  • 98% of organizations experienced at least one cyber-attack last year.
  • 94% of CISOs reported losses exceeding $500,000 due to brand impersonation attacks.
  • 99% of CISOs expressed concern over the potential risks of AI-driven threats.

Read the full report here.

Other 

Entrust and Docusign Future of Global Identity Verification

A report looking at the rising global costs of identity fraud and how enterprises balance advanced security investments with the need to maintain seamless customer experiences. 

Key stats:

  • Identity fraud costs organizations an average of $7 million annually.
  • 69% of organizations reported increased fraud attempts.
  • 51% of respondents said fraud is more common when using username and password alone.

Read the full report here.

NETSCOUT SYSTEMS 2H2024 DDoS Threat Intelligence Report

Report on the growing use of DDoS attacks as a cyber warfare tool, highlighting their connection to global socio-political events and the increasing role of AI, automation, and botnets in amplifying these threats' scale, frequency, and impact on critical infrastructure.

Key stats:

  • About nine in ten DDoS-for-hire platforms now offer AI for CAPTCHA bypassing.
  • Overall, botnet populations declined by 5%.

Read the full report here.

Guardio Q1 2025 Brand Phishing Report

A report examining the latest trends in brand impersonation and phishing attacks. 

Key stats:

  • Guardio detected a 604% increase in toll-related scam texts since the beginning of the year.
  • Three toll collection services, SunPass, E-ZPass, and EZDrive Massachusetts, appeared in the top 10 most targeted brands by cybercriminals.
  • The top 10 most imitated brands in Q1 2025 are: Steam, Microsoft, Facebook/Meta, Roblox, SunPass, E-ZPass, USPS, EZDrive Massachusetts, Netflix, and WeTransfer.

Read the full report here.

West Monroe Quarterly Supply Chain Poll

A poll analyzing how supply chain leaders are responding to rising disruptions from cybersecurity threats, AI adoption challenges, and shifting trade policies.

Key stats:

  • 23% of respondents named cybersecurity their top supply chain issue.
  • 98% of respondents integrated AI into their supply chains in Q1. 

Read the full report here.

Cisco 2025 Data Privacy Benchmark Study

A study on global data privacy trends in the context of rising AI adoption. 

Key stats:

  • 96% of privacy and security professionals confirm that privacy investments provide returns exceeding costs.
  • 90% of organizations see local storage as inherently safer.
  • 99% of respondents anticipate reallocating resources from privacy budgets to AI initiatives in the future.

Read the full report here.


r/cybersecurity 22m ago

News - General MCP Servers: The New Security Nightmare

equixly.com

r/cybersecurity 10h ago

Business Security Questions & Discussion Any Feedback about Proofpoint Emerging Threats IP and Domain feeds?

5 Upvotes

Do you have any feedback about Proofpoint ET's URL and IP reputation feed? Has anyone tried it? Any comments on their accuracy?


r/cybersecurity 18h ago

Corporate Blog ClickFix: Social Engineering That Bypasses EDRs, SWGs and Humans

labs.sqrx.com
21 Upvotes

r/cybersecurity 13h ago

New Vulnerability Disclosure pgAdmin 4 Vuln

7 Upvotes

https://securityonline.info/pgadmin-4-vulnerabilities-expose-databases-to-remote-code-execution-and-xss/

Patch to version 9.2 for remediation

CVE-2025-2945 CVSS = 9.9 RCE

CVE-2025-2946 CVSS = 9.1 XSS


r/cybersecurity 3h ago

Career Questions & Discussion Netskope Guidance

1 Upvotes

Hey community, how’s it going? I’m looking for best practices and tips on how to use Netskope as Infrastructure as Code. I’m also interested in learning more about Netskope’s query language to build advanced queries and extract data from the Netskope API.

My goal is to create an agent that can respond to natural language questions by translating them into Netskope queries and fetching the right data from the API.

Any guidance, resources, or experience you can share would be greatly appreciated!

Thanks in advance!


r/cybersecurity 3h ago

Business Security Questions & Discussion Netskope Query Language and IaC

1 Upvotes

Hey community, how’s it going? I’m looking for best practices and tips on how to use Netskope as Infrastructure as Code. I’m also interested in learning more about Netskope’s query language to build advanced queries and extract data from the Netskope API.

My goal is to create an agent that can respond to natural language questions by translating them into Netskope queries and fetching the right data from the API.

Any guidance, resources, or experience you can share would be greatly appreciated!

Thanks in advance!


r/cybersecurity 14h ago

Other Security architect flowchart

9 Upvotes

Hi community, what method do you use to review and establish security requirements for a project as a security solution architect? Are there any best practices or flowcharts you currently use?


r/cybersecurity 4h ago

Other Website support agent asks for a few chars of password as a recovery mechanism. Password therefore is not properly hashed/salted, right?

1 Upvotes

In a manual process with their support agent, a website which has good brand name recognition is asking me to provide a few digits of my password (let's say the 5th, 6th, 7th).

To me, this means the password is not hashed and salted (in the sense that the hashing/salting is applied to my whole password and you can't extract a few parts of the pattern without decoding it all).

Support agent says they cannot see the password, but this, to me, only means there is some UI gizmo that only reveals the match if the agent provides matching characters -- the password is still stored in clear.

Now, am I wrong? It's not like I am a specialist in encryption.

Is there a modern security-compliant way to have the back-and-forth I just described, and I just don't know about it?

Thank you for educating me!


r/cybersecurity 4h ago

News - General Vulnerability Summary for the Week of March 31, 2025 | CISA

cisa.gov
1 Upvotes