>>61961489
>*Mashes WASD for 3 minutes*
>"Im in"

>>61961489
The blind leading the blind.

lmao just unplug your computer

pretty overblown military and glowie nets are practically impenetrable you can do some fucky stuff by messing with your typical American locality's unsecured systems but most of the time it comes down to good old social engineering anyway

>>61961489
asl? wanna cyber?

File: Picture unrelated.jpg (446 KB, 1920x1080)

446 KB JPG

>>61961489
Unfortunate consequence of the shitty digital technology architectures we've built.
Security vulnerabilities don't have to exist.

>>61961541
Huh ?

>>61961489
There's a furious cyber war going on right now that is largely unreported.
As a result, a lot of new military development programs are incorporating new cybersecurity protocols.
There is a probability that electronic attack can locate any asset using a particular weapon, and a possibility that electronic attack can disrupt or prevent attacks.
See for example the effects of GPS disruption on all sides in Ukraine.
All this is classified, non-knowers can only speculate.

>>61961583
Oh, for some reason I thought I was back on Yahoo chatrooms back in 2003.

>>61961489
overrated, nobody can hack my revolver

>>61961489
Spending weeks developing a network of backups, firewalls, logical and physical partitions, and encryptions just to realize that Sue in Marketting just fell for an obvious Phishing scam 2 months ago and everything was compromised before I even started working.

>>61961568
>Security vulnerabilities don't have to exist.
Cyber warfare can still happen even if every piece of infrastructure was 100% airgapped and had no connection to the outside world, because people are stupid and impressionable and easily influenced by media.
>War begins with China tomorrow
>Every kid on Tiktok gets fed videos telling them how cool it would be if they'd just go slash the tires on their parents car.
>The pyros & the mass shooters get egged on
>The Antifa types get told that maga swat cops are forcibly de-transitioning gay black children at X location and they need to go help them
>Meanwhile all the white supremacist types get told that the government is starting a whole new round of forced immunizations in order to cover up for the fact that an Obama-led coup is taking power and now is the time for them to act. At the same location, of course.

>>61961584
>All this is classified, non-knowers can only speculate.
>>61961518
>The blind leading the blind.

>>61961621
>Cyber warfare can still happen even if every piece of infrastructure was 100% airgapped and had no connection to the outside world
Yeah but I have a blind guy who can tell me what keys are pressed by the sound of typing.

>>61961489
Well for one we should stop promoting that stupid notion that it works just like real warfare and there are distinction between military(legitimate) and civilian(illegitimate) targets. Everything is a fair game in cyberwarfare ESPECIALLY that cancerous media your brain damaged kid can't get off from.
Everything is a target and everything of marginal value should be secured equally, from public transportation, to banking, to regular commerce etc. It's sure won't be pleasant when some major service provider goes fucking down completely and stalls half of the local industry with them.

I just know cyber warfare wouldnt be nearly as big of a problem if companies didnt make everything "smart" and constantly connected online. Alot of it is self inflicted so governments and companies can spy on/data harvest their own citizens, but that ends up let other nations do the same.

>>61961785
That's also a customer problem. People often don't think through their purchases. They don't understand their software license agreements either.

>>61961541
17/f/pyongyang

>>61961610
Thankfully I haven't run into a situation like that myself, but it is fucking annoying how we spend so much on cybersecurity (including awareness training for staff), only for someone who passed all the tests to fall for Nigerian prince tier scam emails.

>>61961583
It was a better time

I'm an Air Force ION (interactive on-net operator), AMA (obv non classified)

>>61961621
Sure, the human element is always going to be vulnerable. Biological life in general is extremely janky and 'designed' through a process that is hot garbage.
I don't mind that. But our digital systems could and should have been better. Intelligently designed.

>>61961936
Do you pretend to be other people or not yourself on the internet and does anyone tell you what to say in any way online?

>>61961505
>entire foreign intelligence unit in durkaburkastan vanishes
>hack of a subcontractor from two years ago discovered

>>61962062
I won't get into specific TTPs but in the general sense in which you're asking, no, that's not what an ION does. We conduct CNA (computer network attack), CNE (computer network exploitation), and CND (computer network defense) operations, collectively called CNO (computer network operations).

File: let me die.jpg (32 KB, 576x576)

32 KB JPG

inexorably painful because your average snuffy has no fucking clue that you put them through cyber awareness for a reason. or that they shouldn't charge their phone using a usb in their computer. oh and your high-level officers are all fucking X'ers who assume just because they were around to see the first iPod that they know how computers work. at least i can comfort myself by pretending this shit doesn't happen near anything important.

>>61961936
What's the path to get to that position?
Can an Army nigga do it?

>>61961936
Are we currently in a cyber war ?
If so what states are attacking us

>>61961818
12/f/ny was my goto, I probably got a bunch of guys off in the ""lesbian"" chatrooms while jacking my prepubescent peen doing the same thing.

>>61962258
Why are white people like this ? Can't u guys just have normal sexual kinks

Can't seeing booba and ass make u happy

>>61961489
The DOD has retarded requirements in NIST800-151 and CMMCv2 some of them are just best practice, others are for attacks that are only theoretical and require hardware that doesn't exist but cripple systems by making them less useful, others are bad practice and imo open systems up to attack.
They also don't apply the same scrutiny to municipal systems that they do for defense contracts and themselves which is a major vulnerability.
They also still have some reliance on security through obscurity. And have retarded supply chain requirements even though all the hardware is still made in china using hardware with known vulnerabilities, which is another massive vulnerability.
And cloud systems.
It's all bad, no one even needs to target the US directly they might be targeting a cloud provider or a specific hardware vulnerability and accidentally pwn the military, or a contractor. I think even they realize this to a certain extent because anything important is offline but the companies producing these things aren't so they have all these requirements to cover their ass if something happens not to have actual security.
Every system relies on a CPU that is effectively a black box, the NSA and DOD keep focusing on flashy shit like viruses and targeted attacks and not a backdoor being introduced in the silicon, or someone's made in china cell phone being used, or a worker at an amazon data center being bribed or being just pissed off enough to sabotage shit. Even after making a big stink with the supermicro fiasco supermicro, dell and hp are approved hardware vendors even though they make all their shit in china.

>>61962214

For the Air Force, most people crosstrain into it, if you're in the Army I assume it's a similar process. So when you are eligible to crosstrain hit up your unit training manager or whatever and get the details. For the Air Force you also have to take a test called the EDPT to weed out people who are not smart. Also you could end up going anywhere from a NOC that monitors internal networks (which I hear is kinda boring), to aggressor / red team squadrons, to other units that are part of Cybercom or attached to title 50 agencies.

>>61962240
I wouldn't call it cyber war but it's no secret that our adversaries are positioning themselves as deeply as they can to hold our critical networks and infrastructure at risk, to say nothing of the constant industrial espionage ("greatest wealth transfer in history" - Gen Alexander). Unless you've been living under a geopolitical rock, you know what states are our enemies, and Cyber gives our enemies a cheap, asymmetric domain of warfare and espionage, with global reach and plausible deniability.

>>61962291
It was 56k dial-up you retard, online erotic literature and chatrooms over downloading an image for five minutes was the vogue.

>>61961889
I nearly fell for a "Tech support needs your information" scams before double checking with IT.

>>61961621
Just use Rust.

>>61961936
What's your plans when you get out? Navy CTR with a compsci degree and all the necessary certmaxxing getting out soon. Not sure if I want to shoot for federal work or go private.

>>61961489
It is mad gay. The NSA are all nerds and deserve to be pantsed for all the gay bullshit they do.
Did you know they make new guys wear a pilot helmet on their first hacking "mission" or whatever?
Hard cringe.

>>61962705
So you're telling us that you've never had fun in your life?

File: 1689102990612963.gif (79 KB, 128x128)

79 KB GIF

>>61962291
>spend 2 weeks downloading a 240p of heather ideepthroat on 56k
>fap chatting to girls in my middle school AIM messenger
simpler times

>>61962702
get fucked future glowie

>>61962702
I'm Air Guard and a contractor. I make $230k/yr at my contracting gig, plus good benefits. There are people in my Guard unit who make considerably more than me, either as contractors or working for FAANG type companies. Govvie is also an option but you trade pay for some perks and authority or ability to do some jobs contractors can't.

>>61962702
Also I'll add that FAANG will work you a lot harder than contracting where oftentimes we're not allowed to work more than 40 hours a week. But the jobs are also harder to get. Contracting jobs are handed out like candy and you will only be fired for lying or extreme incompetence.

>>61962734
faggot
>>61962830
Nice. How consistent is contracting work? Were you able to jump into it right away or did you get in through internships? Any prior education?

>>61962710
Did I hurt your feelings Mr tough guy NSA man?

>>61962867
Yeah right away as long as you have a pulse and a TS/SCI. Of course the more experience you have or the better you do in interviews, the better your chances. I had a comp sci degree and my first job was $90k, 2 years later I was getting offers for $165k, and now I wouldn't look at anything under $250k.

>>61962897
Thanks, this gives me hope given how fucked up the rest of the job market is.
>comp sci degree
Bachelors or a masters? I went to school initially on a scholarship so I still have benefits I don't want to waste, considering going back part time while I'm jumping into civilian stuff.

>>61962345
>I wouldn't call it cyber war but it's no secret that our adversaries are positioning themselves as deeply as they can to hold our critical networks and infrastructure at risk
I'd sure call it a war if somebody was parking battleships outside Newport News and training their turrets on our ships

>>61962345
Should I do it and how hard is the test

File: petoria lesson.jpg (30 KB, 480x360)

30 KB JPG

>>61962724
>Kazaa, Bearshare, and Limewire a TV show or movie
>oh cool, I can hit preview on the .avi format
>open it in Realplayer and watch the first 10 minutes for three days
>still remember that segment of Family Guy or movie opening 20 years later ad verbatim
Yee

>>61961533
>military and glowie nets are practically impenetrable

>source: I read a Tom Clancy novel once

>>61961621
You know people on this board are retards who get their security studies information from action movies and video games because they think cyberwarfare is an irrelevant side production

>>61963561
>people on this board are retards who get their security studies information from action movies
if that were true, they'd think that anybody can hack into the Pentagon in sixty seconds provided they type fast enough, have a gun pointed at their head, and a hot blonde is giving them a blowie

what you have here instead are a bunch of smart alec reactionary contrarians who believe that BECAUSE Hollywood depicts military computer systems as being hackable, THEREFORE they're ackshually impenetrable

File: Yakub.jpg (415 KB, 965x923)

415 KB JPG

>>61961936
Post your 2023 DoD cyber security certificate with name scrubbed

>>61961936
Civilian contractor here.
Why the fuck do I have to set my linux security policy to FUTURE to meet NIST 800-151? Are you guys really worried about quantum attacks?
There's almost no repo's that have keys that work with that security policy on Rock linux.
Also is there any reason why the STIGs don't work with KDE?
Is there a RHEL software repo mirror on SIPR or NIPR? It would be awesome to be able to use dnf for software installs and upgrades en situ using dnf but I keep having to hand carry our product to a site and do all the installation and dependency management manually.

>>61963780
They are extremely worried about quantum and no one is reallly sure why https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3498776/post-quantum-cryptography-cisa-nist-and-nsa-recommend-how-to-prepare-now/

>>61961489
Why is that old statue wearing an Anomanous mask? I thought he was invented in the 80s by Vertigo

>>61963890
>and no one is reallly sure why
Oh, people know. They just can't talk about the reason.

>>61963131
There are lots of tests, lots of schools, and they get progressively harder. The big one is CNOQC and it fails about 30-40% of students. But if you are intelligent enough to analyze technical situations, figure out solutions to problems on your own, and do it all against the clock, you can succeed. If you make it through you will have a skillset that very few people possess and get to do some really cool shit. Things that would otherwise have you sent to prison.

>>61963780
Sorry to hear that, but it's not really related to my job at all. I conduct cyber operations. I am mapping networks. I am throwing exploits. I am not writing policy or implementing STIGs. HOWEVER, of course the NSA is worried about quantum attacks. It's only a matter of time until traditional encryption algos are obsolete. If we learned anything from the proliferation of vulnerabilities in SCADA, ICS, and other OT, it's that some tech ends up being in production 20, 30, 40 years after it's implemented. There are still millions of boxes running XP. The sooner we prepare the better we're going to be in the long run.

>>61961489
I got banned for cw thread

>>61964123
kwab

>>61961936
hello mohamed ngom

>>61964115
That's understandable. I get the logic but the tech doesn't exist yet. There is only one usable pq crypt algo and it's not implemented anywhere as far as I know.
Agree with keeping things updated.
I laughed a bit when I actually looked at what SEC=FUTURE did it still uses RSA so assuming anyone makes a useful quantum computer we're all fucked anyways.
Your job sounds cool.
Have you ever attacked a server's BMC? I used to do validation and testing on that stuff for Intel and it always made me nervous what we allowed to pass.

>>61961489
overrated, the damage to military capabilities is minor and temporary

>>61965857
Do you have any evidence for that? Just because China hasn't taken down an F-22 with code doesn't mean the capability doesn't exist. If I were a strategic planner in Russia, China, the US, or any nation with a cyber capability, the first thing I would do is start stockpiling zero days and bespoke exploits to throw on day 1 of a hot war. We know all kinds of tech that can be ground to a halt with cyberattacks. Wannacry proved medical tech is vulnerable. Aurora proved the power grid is vulnerable ( https://en.wikipedia.org/wiki/Aurora_Generator_Test ). Do you really think advanced military tech has perfect security?

>>61965857
Double posting to add:
Russia actually has and does manipulate the power grid, they are kind of pioneers of low-to-mid level cyber war.
AND
We're not even talking about the intelligence capabilities of cyber war. Even if I can't bring down your F22 to turn your carrier into a sitting duck, how about even knowing where they are? What if SECDEF's secretary clicks a link she wasn't supposed to and Cozy Bear now has access to his emails on a real-time basis? That is completely within the realm of possibility and just one of a million different scenarios.

>>61961610
Why don’t companies just have IT vet emails?
Like it’s the company’s email system 99% of the time, so people shouldn’t be using it for personal messages.
Can’t they just park emails that are obviously from outside the organization into a “needs to be vetted” folder?

>>61961489
Very interesting lesson to learn from UA-RU war:
Ukies knew that their hardware and software won't stand the assault from any dedicated assailant. So they made their systems "expendable". That is, all their systems had backups upon airgapped backups. Thanks to this policy they manages to get their AD systems back into action the next day after the invasion started.

>>61963602
>reactionary contrarians
you had me until this, this is straight-up leftist faggot talk. to the point you and the other guy were trying to make though, its important to remember that most cyberattacks in a conflict are likely to be pointed towards less-protected civilian infrastructure, not "glownigger nets" or whatever. Causing blackouts, loss of services, financial problems, or otherwise fucking with the target country's ability to function is what makes cyber warfare such a potential problem.

>>61967457
>this is straight-up leftist faggot talk
I'm pretty sure 4ch was referring to itself as contrarian autists since at least 10 years ago

>most cyberattacks in a conflict are likely to be pointed towards less-protected civilian infrastructure
hardening of military vehicles and munitions against cyberattack is a big thing right now, anon

>>61961936
I thought the Navy was the only branch to use the ION term. Did you go to their school for it or does the Air Force have one?
I'm assuming you're 1B4 on the offensive side. Did the Guard send you through that pipeline? I've only ever dealt with AETC as non-prior service, do they still treat you like retards there? Got any general thoughts on that pipeline? I know the gist of the generic 1B4 Keesler course but all the schooling outside of that is a mystery to me. I don't know if it's not public information or just not well-documented.
How much do you fucking hate Mississippi?
Could you walk into OSCP right now and pass it?
Do you prefer Adderall or Vyvanse?
>>61962830
>>61962866
Do you have any tips and tricks on getting into prestigious tech companies aside from generally bettering myself (and my resume)? I had an interview for a cleared position with Amazon once (honestly harder to get an interview with them than it was getting a job with a defense contractor lmao) but got rejected :(

>>61963561
Are you one of those people who think air-gapping doesn't make a network any safer? I met someone like that once but had to avoid facepalming because he was my DO.

>>61966824
Everyone knew medical and ICS were vulnerable, they did literally no security.

>>61967095
Too many e-mails. The average worker receives over a hundred and twenty emails per day. Assuming it takes a minute to load and vet an email then you're looking at 2 man-hours of work per employee. That's 1 IT specialist doing 12 hour shifts every day just to keep up with 6 office workers.
>Can’t they just park emails that are obviously from outside the organization into a “needs to be vetted” folder?
You can't always identify an email as being from outside the network. A careful hacker could fake the origin address and make the email seem like it's local.

>>61967095
>just have IT vet emails?
that makes IT itself a fuck of a confidentiality vulnerability, doesn't it?

File: kissinger.jpg (54 KB, 850x400)

54 KB JPG

Every major country has infiltrated and compromised the grid and infrastructure of every other country. We are just a few 1s and 0s away from 90% of the world population dying within a year.

The reason why it hasn't escalated is because cyber lends itself to small, obfuscated attacks, which are preferable, but aside from that, escalate extremely quickly and very far.

When, not if, it happens, it will be worse than nuclear war.

>>61967497
>I thought the Navy was the only branch to use the ION term. Did you go to their school for it or does the Air Force have one?
1b4 tech school, then something called CWO at Hurlburt Field, then FORGE
>I'm assuming you're 1B4 on the offensive side. Did the Guard send you through that pipeline? I've only ever dealt with AETC as non-prior service, do they still treat you like retards there? Got any general thoughts on that pipeline?
It wasn't quite as bad going 1b4 school as prior service. You literally are not allowed to interact with the non-priors in any way, they keep you very separated, probably 'cause of sex scandals. We still had group PT and Blues Mondays but otherwise it was fine. It was only 5 months. FORGE is super chill, you learn a ton of super cool stuff, and it's mixed between civilians and military. It's 12-24 months depending on how the stars line up. Guard sent me through everything.
>How much do you fucking hate Mississippi?
The only thing I really hated was these giant cockroach things that invaded the off base townhouse I was at for a few weeks. Otherwise it was just boring.
>Could you walk into OSCP right now and pass it?
Not sure, but if I had to bet, I'd say yeah.
>Do you prefer Adderall or Vyvanse?
I've been considering getting an Adderall prescription for years but it seems like a bother, the only thing I do is have a big cup of coffee in the morning.
>Do you have any tips and tricks on getting into prestigious tech companies aside from generally bettering myself (and my resume)?
Yeah the thing is FAANG also want you to be competent, unlike contractors who want you to be breathing. It depends on exactly what you want to do though. One of my coworkers grinded (ground?) leetcode for 6 months and was having good success in commercial developer interviews. I guarantee you that if you get through FORGE you are going to be extremely employable.

>>61967896
Why hasn't some black hacker just done it then ?

I mean a 15 yr old literally hacked cia and found personal info of the cia head

>>61964115
So do I just go to my local recruiter and sign up

>>61967765
>Guy who installed the security system might be a security risk.
Yeah, that was always going to happen.

File: orwell.png (167 KB, 850x400)

167 KB PNG

>>61968749
There have been 3 instances where large swaths of the US oil infrastructure has been shut down in the last decade. And communications infrastructure gets attacked all the time. And private infrastructure used to be told by the feds to not report, now they're threatened to not.

That is most certainly people probing to see where vulnerabilities and bottlenecks are. And how states and companies will react.

Also, the line between "hackers" and government directed groups is essentially non existent. Any hacker group that has any capabilities will be connected to a state actor in some manner. Which leads to the valuable aspect of obfuscation.

And your example just shows how vulnerable essential systems are. The only reliable tactic is air gapping, and that didn't save the Iranian nuclear facilities.

>>61968817
There is a vast gulf between having the security guard check your ID thoroughly to ensure you are who say you are and watch you to make sure you stick to authorised areas; and having the security guard read all your files to "keep you safe"

>>61968839
>The only reliable tactic is air gapping, and that didn't save the Iranian nuclear facilities.
It's not an airgap if any retard can plug in external USB sticks

>>61968749
>>61968839
Also I should say that for a very long time, hackers had an ethic that they would not target infrastructure, which stuck for while because you could always make more money, or at least it was a lot easier to, stealing from a bank account or ransoming a large corporation.

But now that seems to have changed. Hospitals are an extremely common target now. Even entire cities are getting attacked. Which is almost certainly linked to an increase in state and non-state actors being linked.

>>61968863
I mean, it is though. If it's on it's own net and not connected to an external one. That's how most federal agencies around the world work too. You think Fort Meade has open wifi? Obviously not. To get the usb in they had to beat the physical security, and in Iran's case, informational security.

File: usb d.jpg (214 KB, 1536x868)

214 KB JPG

>>61961489
Is this book worth reading?

>>61968845
In the case of IT it can be worse since we usually leave backdoors in case the General manages to lock themselves out of their own top secret account.

>>61968749
NTA, but there are a few different types of hackers and their motivations, skills, and resources affect what they can and do do. You've got your hactivists that hack for some social cause. Usually they aren't super well funded and want to get the most bang for their buck. They're much more likely to bring a website down than to do a multi-year campaign to blow up a dam or something. Then you've got the cyber criminals that are just after $$$. They have gone after critical infrastructure in the past "accidentally" (Colonial Pipeline), and it did not work out well for them. Finally, you've got "advanced persistent threats" (APTs), government funded groups. APTs have orders of magnitude more time, money, resources, and skill than other hacker groups. These are the groups that have the motive and means to break into critical infrastructure. Damaging it now would be an act of war. It's prepositioning for a future conflict and leverage.

>>61968757
Yes but a lot of things have to happen:
1) You have to qualify for a cyber job, at least doing well on the ASVAB and possibly another test like the EDPT
2) The branch you are joining must have a need for that particular job at the moment and it must be open to non-prior service (you could also come in as something cyber-adjascent and hope for a crosstrain opportunity in a few years)
3) You need your recruiter to get it in writing that you are coming in on the specific MOS/AFSC/rating you want
4) Once you make it through the initial training you must be lucky enough to be assigned to a unit that does something cool and offensive
5) You must crush every school they send you to

it'd be easier to join the Nat'l Guard or Air Guard b/c you can join into the exact unit you want. Call your local Guard bases and ask if they have any cyber opportunities. Go in and ask about their missions. You can also look online. OH has a cyber wing. MD is getting one. KS has red team. Many other states have various cyber squadrons.

>>61961489
Probably the most important future war space that still lives mostly in private hands

>>61963890
Look to the Utah datacenter my son

>>61961621
So it'll be like the jewish 2020 BLM / Antifa color revolution. Except instead of the USIC controlled propaganda outlets like Facebook and Twitter the social turbulence will be blamed on the one media source controlled by chinks instead of jews.

>>61967489
>hardening of military vehicles and munitions against cyberattack is a big thing right now, anon
Which is one of the reasons why it makes more sense to go after softer targets. The ratio of mayhem:effort is much higher for civilians than it is for the military.

File: IMG_1453.jpg (2.39 MB, 4032x3024)

2.39 MB JPG

>>61969541
I haven't read that one in particular but I've read quite a few books relating to cyber warfare and my favorites are:

The Cuckoo's Egg -- a classic, maybe the first in the genre.
Countdown to Zero Day -- excellent and surprisingly technical book about Stuxnet. Lots of general information in there and an entire chapter about how vulnerable our critical infrastructure is.
Dark Territory -- great overview of the early history of cyberwarfare in the US
Sandworm -- Really great. A look at Russian cyber units, doctrine, and attacks on the US, Ukraine and Estonia
The Perfect Weapon -- goes into how Russia hacked the DNC and more.

>>61970226
>hardening of military vehicles and munitions against cyberattack is a big thing right now
>tt makes more sense to go after softer targets
Armoured vehicle programs today are all busy figuring out how to tack on hardkill and softkill anti-FPV systems. The reason is because of the proliferating threat of FPV drones which can kill those armoured vehicles.
So, when you see a rush towards hardening military vehicles and munitions against cyberattack, what does that tell you?
There is a proliferating threat of cyber weapons which can kill those vehicles and munitions.
You're jumping the gun playing 5d chess thinking that we should harden civilian targets instead because you assume that the enemy will switch strategies when we become aware of the need to harden military targets.

Also, the question of prioritising military or civilian infrastructure is the same as the nuclear doctrine counterforce or countervalue question. Many other considerations are involved, not just the state of proliferation and defences.

>>61972760
>Countdown to Zero Day
This sounds interesting, thanks.

>not one mention of SCADA or ICS

Lmao the state of /k/

If I want to get into cyber stuff, what's a good place to start? Sec+?

>>61968839
>>61976750
Pwn.college

https://pwn.college/dojos

I'm
Doing it at the moment and I'd like a study partner so drop some contact

>>61976450
>ctrl + f SCADA
>ctrl +f ICS
it's here
>>61964115
>>61964115

>>61976750
I do think Sec+ is a good entry. I got it in 2017. There are a lots of different paths in cyber: blue team (incident response, malware analysis, log monkey), red team (pen testing, vulnerability testing), and dev stuff (vulnerability research, reverse engineering, tool development). And that's not nearly an exhaustive list. But no matter what path I do think Sec+ would be a good start.