A resume that’s only skills-focused doesn’t move the needle. Anyone can list tools and keywords. Recruiters see that all day. Projects show real ability. They prove how you applied those skills, what problems you solved, and what impact you made. That’s what hiring managers actually care about. I still include skills, but I anchor them inside projects. Example. Instead of listing tools like SIEM or Incident Response, I describe: - Investigating brute-force and persistence activity using Windows event logs and SIEM queries - Building alert enrichment or automation workflows to speed up triage - Mapping detections to MITRE ATT&CK and documenting response actions Skills help with ATS. Projects drive interviews. If you’re entry-level, this matters even more. Labs, detections, and automations are your experience. What do you focus on more in your resume. Skills or projects?

I’m curious how everyone here puts their labs together. Some people keep it simple, others go all-in with a full mini-SOC at home. If you’ve built a SOC lab before, what did you use? - What SIEM did you go with? - Any EDR tools you liked? - Local VMs or cloud? - Any open-source tools you swear by? - Screenshots or setups you want to show off? Share whatever you’ve got. It helps the whole group see different approaches and maybe pick up a few new ideas.

I want to hear from everyone here. If cybersecurity were a game, what would your role be? - Defender. You protect the environment. - Attacker / Red Team. You break things to expose weaknesses. - Analyst. You look into alerts and incidents. - Threat Hunter. You search for threats that tools miss. - Engineer. You build detections, automations, and secure systems. - Architect. You design the battlefield. - GRC / Policy. You create the rules and keep the organization in line.

This debate never ends, so let’s discuss it here and hear everyone’s opinions. People keep asking where to begin in cybersecurity. Some people swear by Security+, while others say ISC2 CC is the new choice. Then there are Google Cybersecurity, CySA+, cloud certs, and a variety of vendor training. Everyone has a different path. So, let’s speak honestly. If someone is starting fresh in 2025, what cert should they take first, and why? Here are some points to consider: • Security+. The classic. HR loves it. It provides a solid foundation. • ISC2 CC. Affordable. Quick. Some say it’s the new "starter cert." • Google Cybersecurity. Hands-on. Good for those who dislike dry theory. • CySA+. More advanced. Some suggest skipping Sec+ and starting here. • Cloud AZ-900 / AWS Cloud Practitioner. Cloud skills are now essential. • EDR vendor training (CrowdStrike, Sentinel One, Defender). Real tools you will actually use in a SOC. What would you recommend to a beginner in 2025, and what led you to choose your path?

Ransomware attacks force victims to make a difficult decision: pay the ransom to regain access or refuse and risk losing everything. Some people argue that paying should be illegal because it supports criminal activity and encourages more attacks. Others think companies should have the option to pay if it helps them save critical data or avoid going out of business. What do you think? Should paying ransom ever be legal under certain situations, or should it always be banned to deter cybercriminals? Share your thoughts below and like the post if you want more discussions like this.