About this Video

• Video Title: Live Q&A with Eng. Hossam Shady
• Channel: Red Nexus
• Speakers: Eng. Hossam Shady, and other participants whose names are not explicitly mentioned in the transcript.
• Duration: 01:56:59

Introduction

This video is a live Q&A session with Eng. Hossam Shady, focusing on cybersecurity, cloud security, penetration testing, and career paths within these fields. The session addresses various questions from participants regarding learning paths, certifications, job opportunities, and specific technical challenges.

Key Takeaways

1. Cloud Computing Dominance: Cloud computing is rapidly becoming the standard across all sizes of companies, offering cost savings and enhanced security.
2. Cloud Security Career Path: A six-month study plan focusing on Cloud+ and relevant networking basics, followed by specialized cloud certifications (like AWS certifications), is suggested for a junior cloud penetration tester role.
3. Importance of Practical Application: Theoretical knowledge alone is insufficient; hands-on experience through labs, Capture The Flag (CTF) challenges, and real-world penetration testing is crucial.
4. Specialization over Generalization: Focusing on a specific cloud provider (AWS, Google Cloud, etc.) is more beneficial than trying to master all platforms simultaneously, as each has unique configurations and approaches.
5. Experience over Certifications: While certifications are helpful, practical experience and demonstrable skills are valued significantly more by employers, particularly in the cybersecurity sector. A strong portfolio showcasing your work is highly beneficial.

I cannot provide exact timestamps for each question because the transcript uses milliseconds, and the provided timestamps are rounded to the nearest second. The granularity isn't sufficient to pinpoint the exact moment a question begins within a ten-second timeframe. However, I can give you the approximate timestamps and the questions as best as possible based on the provided transcript:

Approximate Timestamp | Question

0:10 | (Background question about networking fundamentals before diving into more advanced topics). The exact phrasing is difficult to extract from the provided text segment.

0:29 | (Question about needing a larger network in the future and whether CCNA/CCNP is necessary).

1:00 | (Question about a cloud-focused career path and the order of certifications to obtain: CompTIA Cloud+, MCSA, etc.).

1:14 | (Question about the necessity of Linux knowledge before working with AWS).

1:34 | (Question about resources like Cloud+, and other security-related courses and labs).

1:57 | (Question about the relationship between a mentioned cybersecurity course and cloud computing).

2:28 | (Clarification question about penetration testing in the context of cloud networks vs. web-based penetration testing).

3:57 | (Question about whether cloud computing is limited to large companies or is used by smaller companies as well).

4:33 | (Question about the time commitment and study plan required to become a junior cloud penetration tester).

5:50 | (Question reiterating the six-month study plan (Cloud+, CCNA, MCSA) and asking about resource availability).

6:23 | (Question about finding Arabic-language learning resources for cloud computing).

7:04 | (Question about how cloud computing impacts other cybersecurity tracks (e.g., web, enterprise networks)).

8:21 | (Question about essential skills for cloud security, similar to the skills needed for backend development).

8:49 | (Question about specific areas of focus to excel in the cloud security domain).

10:54 | (A speaker adds a point about cloud computing's minimal prerequisite knowledge compared to other fields like cybersecurity).

12:47 | (Question about the minimum duration for completing a specific cloud course).

13:12 | (Question about the impact of GPA and college reputation on job prospects).

14:23 | (Question about choosing a learning path in cybersecurity, CCNA/MCSA vs. a Red Teaming approach).

15:19 | (Clarification on whether Red Teaming training is sufficient for immediate job application).

16:37 | (Follow-up question related to the study plan).

16:56 | (Multiple questions about starting a career as a Tier 1 security professional, given existing knowledge of Red Teaming and CompTIA certifications).

19:17 | (Question regarding whether to continue with a Red Teaming Udemy course or focus on SOC work).

19:37 | (Question about the availability of SOC jobs compared to Red Teaming positions in Egypt, and long-term career prospects).

20:06 | (Question about the requirements for a management position in cybersecurity, focusing on a balance of different security specializations).

21:16 | (Reiteration and clarification of the previous question about career progression to management).

21:59 | (Question about job prospects after completing a Red Teaming course).

22:38 | (A student describes his progress in a Red Teaming course and asks for advice on a daily study plan for advanced learning and financial goals).

24:12 | (A student shares their experiences and difficulties with penetration testing, expressing lack of focus and motivation).

25:47 | (Question about future plans to open a training center in Cairo).

26:06 | (Question about job opportunities for graduates, and programs like ITI and NTI).

26:28 | (Question about how to stay updated on the latest zero-day vulnerabilities).

27:11 | (Question about handling job applications without formal certifications, given a strong foundation in programming and penetration testing skills).

29:54 | (A student expresses frustration with job applications and seeks advice on improving their approach).

30:34 | (A student asks for advice on handling challenges related to port scanning and HTTP requests).

31:13 | (A student asks about focusing on specific vulnerabilities and suitable websites for practical application).

33:44 | (A student clarifies a previous question about focusing on websites that offer bug bounties or those that don't).

35:04 | (Question on troubleshooting firewall bypass techniques during penetration testing).

36:36 | (Question about handling a fragmented learning experience when balancing a course with other academic commitments).

37:41 | (A student is struggling with practical application and asks for resources to bridge the gap between theory and practice).

38:39 | (Question about the best platform to start penetration testing after completing web modules).

39:30 | (A student asks for advice on finding job opportunities with their existing skills (CCNA, OSCP, Red Teaming)).

40:09 | (Question about the challenges of finding a job before mandatory military service).

40:40 | (A question on the best practices of adding discovered vulnerabilities in a resume).

41:50 | (A student shares their experience in penetration testing and asks for guidance on finding work online or in Egypt).

44:40 | (A student expresses gratitude for the course material and asks for advice on interview preparation, given their knowledge of CompTIA and other certifications).

47:00 | (A student asks for advice on choosing bug bounty programs based on their current skill level).

49:14 | (A student shares their challenges with JavaScript, and asks if it's a necessary skill for a cybersecurity career).

51:27 | (A student asks about building a mindset for hacking and creating effective methodologies for penetration testing).

52:52 | (A student asks about documenting and sharing duplicate CTF challenges solved for their portfolio).

53:30 | (A student seeks clarification on the one-month bug bounty program recommendation).

54:38 | (A student asks for advice on enhancing their LinkedIn profile and generating engagement, given low interaction).

56:40 | (A student shares their approach to learning through past events and seeks guidance on whether it's an effective approach or should they change it).

1:00:33 | (A student shares their challenges with maintaining focus and overcoming feelings of being lost during penetration testing exercises).

1:05:18 | (A student asks about the best approach to learning about SQL injection, focusing on efficient practice methods).

1:06:39 | (A student shares an experience of reporting a vulnerability and asks about the approach to sharing vulnerability findings on Medium).

1:11:05 | (A student asks about the realistic salary expectations for penetration testers, specifically in the context of foreign companies' salary figures).

1:12:28 | (A student asks about the necessity of a strong programming foundation before starting a cybersecurity course).

1:13:37 | (A student asks for recommendations on cybersecurity books, seeking alternatives to online courses).

1:14:48 | (A student describes their learning process, involving YouTube, CTF challenges, and write-ups, and asks about the efficiency of this method).

1:20:57 | (A student asks for guidance on selecting and prioritizing bug bounty programs, considering their progress in Red Teaming and live hacking).

1:24:05 | (A student asks about focusing on specific areas like mobile apps, networking, or Active Directory, and when to shift focus to another area).

1:26:06 | (A student describes their experience with CTF challenges and asks about alternative platforms for varied learning experiences).

1:27:40 | (A student shares their concerns about encountering scams while searching for bug bounty programs).

1:28:46 | (A student asks for advice on proceeding with a cybersecurity learning path, given their existing knowledge and a break from studies due to mandatory military service).

1:30:43 | (A student asks about the best certifications: OSCP vs. the Hack The Box’s CBTF certification).

1:33:38 | (A student expresses uncertainty about choosing between cloud and Red Teaming, seeking advice on which area offers faster job prospects).

1:37:30 | (A student asks about the importance of CTF competitions in building a cybersecurity resume, and seeks advice on how to participate).

1:38:49 | (A student asks about prioritizing bug bounty programs based on factors like the number of vulnerabilities reported, reputation, and scope).

1:40:32 | (A student asks about tailoring a resume to attract attention from European employers).

1:41:53 | (A student asks about the nature of the Security Analyst role (Red vs. Blue Team) and whether the course material adequately prepares them for the role).

1:43:34 | (A student asks about essential programming languages to master and their relative importance).

1:44:14 | (A student asks about the value and ranking of the GIAC Penetration Tester certification).

1:45:33 | (A student asks about handling situations where they find vulnerabilities but struggle to create a proof-of-concept exploit for reporting).

1:47:08 | (A student asks for advice on managing the timing and duration of studying programming modules in their cybersecurity course).

1:49:13 | (A student asks about the type of certificate received upon completion of the Red Teaming course).

1:49:31 | (A student asks for advice about obtaining the Hack The Box CBTF certification, considering cost and comparing it to other certifications).