Recent comments in /f/IAmA
Usual-Owl-9777 t1_j6azn2s wrote
Quick question:
I recently signed up for online IT classes, an intro to programming course. It cost about $500 and now that I'm taking the class I'm upset because it's literally links to youtube videos and the professor doesn't give lectures. We just follow along with the book and watch youtube videos. The book is 5 years old.
Am I right for being upset about this, or is this what an IT course should look like?
machiavellikelly t1_j6aw1tg wrote
Is there an ideal type of shiite?
RaefnKnott t1_j6avncr wrote
I'm consulting with my doc this coming week, but I'm sorta concerned I may have an ED...
I have ADHD, and all my life eating first time has been nearly impossible for me. Then in HS (14yo) I stopped taking a lunch or eating one in general. I ate dinner normally and then would have a snack or two in the evening.
After moving out I only cooked dinners for my partner and I, and so that's normally all I had for the day.
Now as a parent with kiddos I feed them proper meals, but having been placed on concerta just over a year ago, I have bad food aversion. After my kids go to bed I smoke some weed to give myself the munchies (and help with insomnia), and then eat a large dinner.
I've always had a hard time with eating 'proper' meals, but this seems worse. It's usually 600-1000 calories in my 'meal' around 9pm and I'm not normally going to sleep until 1-2am.
Anyways, I was curious about EDs after post COVID made my food aversion worse (like full blown nausea) and came across night eating in the disordered eating research I was doing.
I do consume most of my food at night, like 98% of it honestly. Am I in serious trouble here in the long run? I don't even know how to start going about fixing it.
I'm 27, AFAB, and 165lbs if that info helps...
Thanks in advance for any advice you may have.
cyberjerry42 OP t1_j6arevi wrote
Reply to comment by LusoInvictus in I am an ex-welder turned Offensive Security analyst (ethical hacker) AmA! by cyberjerry42
It's my absolute pleasure! Twitter is full of great security researchers like JohnHammond, TheXSSRat, TheMayor and many more (see who they retweet and follow them). There is also a lot of great content on YouTube such as Liveoverflow and the cyber mentor. Finally, once you feel like you're ready for the real deal, head over to hackthebox. They have some great challenges. In terms of CTFs, I highly recommend going to picoCTF. You'll pick up great tricks there. BurpAcademy is also a great starting point for webapp related stuff!
LusoInvictus t1_j6aqqq3 wrote
Reply to comment by cyberjerry42 in I am an ex-welder turned Offensive Security analyst (ethical hacker) AmA! by cyberjerry42
Ah man thank you for the AMA. I've been reading every answer. Besides TryHackMe what other websites/forums/media do you keep tabs on to be up to date?
cyberjerry42 OP t1_j6anbcl wrote
Reply to comment by LusoInvictus in I am an ex-welder turned Offensive Security analyst (ethical hacker) AmA! by cyberjerry42
For your question about my work week:
My week will usually start with looking at all that wasn't resolved from the week before. I will then look at what pentests I have coming up (I usually have one per week lasting more or less 3 days). Pentests are always my weekly priority. Throughout the week I'll also follow up on bugs I've previously raised a flag on to make sure they get fixed. If I still have time I'll typically plug the holes by working on one of our various projects which can range from a cloud infrastructure scanner to an API key sniffer (for example).
cyberjerry42 OP t1_j6amv3e wrote
Reply to comment by LusoInvictus in I am an ex-welder turned Offensive Security analyst (ethical hacker) AmA! by cyberjerry42
I wouldn't say it's a niche line of work per se but it's very hard to find good pentesters. A lot of companies tend to hire external firms to pentest their products and get the "stamp" for compliance reasons. Offensive security is absolutely not for everyone as it requires you to think outside the box in very odd ways sometimes.
I've known a lot of absolutely genius devs that could whip out the most complex algorithms without sweating it but they had a very hard time imagining "well if I chain X with Y and finally Z it can easily lead to compromise of A". I'd probably make a shit full time software dev but boy can I break their stuff hahaha
> Are you guys typically contracted to audit the companies rather than work with their IT teams?
I would be tempted to say yes. It's important to keep in mind that most tech companies out there don't have a giant budget and 1000 employees so they often can't afford a red team. This in turn creates a big demand for external contractors such as Cobalt. I personally, however, prefer to work for the company itself rather than being a contractor as it lets me not only find the problem, but help them fix the issue.
cyberjerry42 OP t1_j6alsm0 wrote
Reply to comment by Daocommand in I am an ex-welder turned Offensive Security analyst (ethical hacker) AmA! by cyberjerry42
What a great question! I would say the first thing I would recommend learning is Linux in general. It's widely used and an industry standard when it comes to running something on a server. A lot of pentesting tools are also designed to run on Linux so one way or another, you'll have to learn your way around a terminal. Tryhackme has a great Linux/Unix terminal learning path for free (iirc).
Secondly, try to understand the basics of programming. Python and Javascript will come in very handy for automating simple tasks/scripts. It's also very important to be able to read code to better understand what's going on under the hood. Codecademy and Freecodecamp are great resources for this!
Third, I'd recommend knowing the basics of network protocols. Udemy is a great resource for that type of stuff. Understand the HTTP protocol, getting a rough idea of how TCP/IP works, etc.
After entering as an apprentice, work on making yourself processes for when you'll be pentesting. Take notes on what was successful, what was not and you'll eventually start seeing patterns of things that come up often. This will be the stuff you'll wanna start working with when going on a new engagement as they'll often be your entry point into a more serious security flaw.
LusoInvictus t1_j6alcto wrote
Reply to comment by cyberjerry42 in I am an ex-welder turned Offensive Security analyst (ethical hacker) AmA! by cyberjerry42
Oh that's interesting. I feel like Pentesting is more of a novelty and "nice to have" as I've never come across anyone with your skill set and I've worked for publicly listed companies as Software QA for the last 10 years.
You feel it's a niche and there are still a few willing to follow your path? Are you guys typically contracted to audit the companies rather than work with their IT teams? Any reference anywhere to what your typical work week looks like? (I'm considering branching out to it hence my questions xD)
Daocommand t1_j6ak4xt wrote
Knowing what you know today, what would you say are the top items to self-learn prior to entry into Cybersecurity and what do you think is more important to learn after entering as say an apprentice into cybersecurity? I am currently transitioning out of the military and I really want to enter into the cybersecurity industry.
Do you have any general tips for where to get the best information to self-learn? I see you utilized Udemy in another comment. Thank you for your story and for posting here on Reddit.
cyberjerry42 OP t1_j6ak0q8 wrote
Reply to comment by Daocommand in I am an ex-welder turned Offensive Security analyst (ethical hacker) AmA! by cyberjerry42
I sure did! And wow I never knew the ratio of pentesters to other cybersec related jobs was this low that is insane! I'll be even more grateful for having the job I have :D! Thank you!!
Daocommand t1_j6ajqv3 wrote
Reply to comment by cyberjerry42 in I am an ex-welder turned Offensive Security analyst (ethical hacker) AmA! by cyberjerry42
Wait… You entered into Cybersecurity as a Pentester? If that’s the case, I hope you know you are a part of like .25% of people who get into cybersecurity initial entry as a pentester. Well done!
cyberjerry42 OP t1_j6aik77 wrote
Reply to comment by LusoInvictus in I am an ex-welder turned Offensive Security analyst (ethical hacker) AmA! by cyberjerry42
In terms of actual exploits I've come across an unusually high number of debug werkzeug consoles that were publicly available via a "staging" subdomain (ex: staging.mywebsite.com). The pin authentication can be relatively easy to bypass in certain circumstances essentially giving an attacker direct access to the machine to run malicious commands.
cyberjerry42 OP t1_j6ai3ss wrote
Reply to comment by LusoInvictus in I am an ex-welder turned Offensive Security analyst (ethical hacker) AmA! by cyberjerry42
It's not an exploit per se, more of a security issue but I often find secrets that are accidentally public. By secrets I mean API keys, AWS access keys and stuff like that. Put into "wrong" hands (depending on the privileges the key has) it can lead to disastrous results. I've done so multiple times especially when it comes to something I've found on one of our clients' websites.
Another one which isn't much of an exploit but more of a widespread bad practice is phishing resilience. A LOT of companies don't take phishing exercises seriously despite most of the recent cyber attacks using them as an entry point into a company's systems.
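An added example, not part of the original comment or the commenter's own tooling: a minimal pre-publish check a team can run over its own front-end bundles or config files to catch the accidentally public secrets described above. The sample bundle is constructed (the AWS value is AWS's documented example key ID), and the entropy threshold and variable-name patterns are assumptions to tune.

```python
import math
import re
from collections import Counter

# AWS access key IDs are 20 characters: "AKIA" (long-term) or "ASIA"
# (temporary) followed by 16 upper-case letters or digits.
AWS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# Quoted values assigned to a name that suggests a credential (assumed name list).
ASSIGNMENT = re.compile(
    r"""(?i)\b([\w-]*(?:api[_-]?key|secret|token)[\w-]*)\s*[:=]\s*["']([^"']{16,})["']"""
)

def shannon_entropy(value):
    """Bits per character; random keys score higher than placeholders."""
    counts = Counter(value)
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())

def redact(value):
    """Keep only a short prefix so the report does not leak the secret again."""
    return value[:4] + "*" * (len(value) - 4)

def scan(name, text, min_entropy=4.0):
    """Return (file, line number, kind, redacted value) for each suspected secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in AWS_KEY_ID.finditer(line):
            findings.append((name, lineno, "aws-access-key-id", redact(m.group())))
        for m in ASSIGNMENT.finditer(line):
            value = m.group(2)
            if AWS_KEY_ID.fullmatch(value):
                continue  # already reported by the AWS rule
            if shannon_entropy(value) >= min_entropy:
                kind = "high-entropy-" + m.group(1).lower()
                findings.append((name, lineno, kind, redact(value)))
    return findings

# Constructed sample of a JavaScript bundle about to be published.
SAMPLE_BUNDLE = '''\
const region = "us-east-1";
const accessKeyId = "AKIAIOSFODNN7EXAMPLE";
const api_key = "q7Zp2LxV9mT4wK8sRb3NcY6h";
const api_key_hint = "YOUR_API_KEY_GOES_HERE";
'''

if __name__ == "__main__":
    for finding in scan("app.js", SAMPLE_BUNDLE):
        print(finding)
```

The placeholder on the last sample line is skipped because its entropy is below the threshold; anything the scan does report should be treated as exposed and rotated, not just deleted from the file.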
LusoInvictus t1_j6ahdzv wrote
What are the most overseen cyber security exploits that even big corps might be missing that you have come across recently? Have you ever reached out and exposed an obvious one?
cyberjerry42 OP t1_j6ag3fr wrote
Reply to comment by SparklyIsMyFaveColor in I am an ex-welder turned Offensive Security analyst (ethical hacker) AmA! by cyberjerry42
It's probably one of the first tools when I don't know what's running on a given server! Such a useful tool for initial recon!
SparklyIsMyFaveColor t1_j6afuvp wrote
Do you use Nmap?
cyberjerry42 OP t1_j6aa7ow wrote
Reply to comment by cadenhead in I am an ex-welder turned Offensive Security analyst (ethical hacker) AmA! by cyberjerry42
Tryhackme has been an incredibly great starting point. From there Udemy was also a great source of knowledge to learn stuff more in-depth.
cadenhead t1_j6a9xg8 wrote
Back in 2012 what were your best sources of knowledge acquisition to develop your skills in ethical hacking?
iisd_ela OP t1_j6a9kep wrote
Reply to comment by kkycc in We are Canadian scientists using new techniques to transform how we monitor and protect our freshwater lakes. Ask us anything… by iisd_ela
There are a few questions to consider here.
One of the core mandates of IISD Experimental Lakes Area is to undertake large scale experiments/research to provide guidance for science/evidence-based policies. There remain many issues that require this type of science, from climate change effects to potentially harmful pollutants. A main challenge for undertaking this research, for us and for our collaborators, is access to science funding to undertake this research. With recent investments by the Government of Canada in our facilities’ infrastructure, we are well positioned to support these large experiments.
When it comes to threats to lake health, we are relatively unaffected since the lakes we study are intentionally remote and relatively pristine —far enough away from human influence to escape many of the problems other lakes are facing (except climate change and pollution that reaches the lakes through the air).
Having said all of that, when thinking more broadly about lakes around the world, we should remember that IISD-ELA was originally established to investigate what causes algal blooms. Algal blooms occur when too many nutrients enter a water body (eutrophication), which results in the excessive growth of algae. Research at IISD-ELA revealed that phosphorus, rather than nitrogen or carbon, was the primary nutrient responsible for algal blooms. However, controlling phosphorus entering our waterways proves to be a difficult and expensive endeavor, and algal blooms are still a major issue affecting many lakes around the world.
iisd_ela OP t1_j6a8mjf wrote
Reply to comment by Secret-Ad-7339 in We are Canadian scientists using new techniques to transform how we monitor and protect our freshwater lakes. Ask us anything… by iisd_ela
Yes, we have a small team of data scientists working specifically on our database, in collaboration and consultation with our broader group of scientists.
Our comment about 'scaling' concerned the transfer of results obtained using small scale approaches such as tests conducted in test tubes, bottles, or small enclosures to entire ecosystems. These small-scale approaches are widely used because there is a high degree of control, they are inexpensive, and easier to replicate.
While these approaches have considerable value as exploratory tools, there are often problems extrapolating their results to natural ecosystems. This is because small scale systems lack important elements of natural ecosystems such as contact of water with lake sediments and the atmosphere or the influence of soils and vegetation that surrounds natural lakes and streams. Natural ecosystems are also subject to immigration and emigration of organisms from surrounding areas and it may take years for changes to take effect.
Most small-scale approaches are short-term and do not allow for these effects. This is why the ability to conduct whole-lake experiments at IISD-ELA is so important. Here, we can directly test the influence of human activities at the scale that usually is most important to society – the ecosystem.
It is true that machine learning requires large volumes of data. So the benefits of ML are constrained to the size of the datasets we are working with. Fortunately, we have been around for over 50 years and include dozens of lakes, so we have lots of data to work with already. With that said, the newer sensors we are deploying now will be able to provide us with a higher volume and resolution of data than we’ve ever had before, and we are excited about the possibilities that machine learning offers to make sense of it all.
iisd_ela OP t1_j6a7vd7 wrote
Reply to comment by KoksundNutten in We are Canadian scientists using new techniques to transform how we monitor and protect our freshwater lakes. Ask us anything… by iisd_ela
As we speak, we are investing in a suite of sensors that provide high resolution data (several measurements are taken each day) for our lakes. Sensors include temperature strings that provide thermal stratification data; sensors that test for everything from temperature, conductivity, dissolved oxygen to algal pigments, dissolved organic matter; and many more.
In the upcoming year, we will be testing out a relatively new type of sensor that can measure concentrations of nutrients like nitrogen and phosphorus that promote algal blooms; for instance, Systea WIZ probes that provide ammonia, total nitrogen, total phosphorus, and total organic carbon data.
For about a decade, our team has also been implanting some fish with transmitters that allow our researchers to determine which habitats they use, and which they avoid during different parts of the season.
Until recently, all of these measurements were made manually—by going out onto the lake to take samples and using handheld sondes. In some cases, it has been possible to leave an automated sensor in the lake and return at a later date to collect the data.
However, these new networked instruments allow us to gather much more information and to view it in real-time from anywhere—even the comfort of our desks.
cyberjerry42 OP t1_j6a5kej wrote
Reply to comment by Difficult_Lad in I am an ex-welder turned Offensive Security analyst (ethical hacker) AmA! by cyberjerry42
Capture the flag! They are cybersecurity challenges where you will have to reverse engineer software, find hidden messages in images (for example), hack into a (purposefully) vulnerable website in order to capture "flags" which are typically a unique key that will give you points once you've found it :)
https://en.wikipedia.org/wiki/Capture_the_flag_(cybersecurity)
cyberjerry42 OP t1_j6b04r6 wrote
Reply to comment by Usual-Owl-9777 in I am an ex-welder turned Offensive Security analyst (ethical hacker) AmA! by cyberjerry42
I would say yes. The good classes I bought were under 100$ and typically included exercises and had great lectures.