I started working in 2024. I was hired as an Associate SWE, but I was moved into cybersecurity (specifically application security) without any prior knowledge. Apparently, they can do that. Now I want to continue in this because this seems interesting and something I would wanna do. Before this, I was on the bench for a long time and was being trained in Oracle ERP. After just about a month of KT sessions, I was directly put into a project.
In this project, we mainly get tickets like scan requests: we check the tool dashboard and report if there are any issues. It also involves things like pipeline gating requests, triaging vulnerabilities (marking them as false positives or true positives), and occasionally checking code. Overall, I feel like I’m not really learning much.
In the beginning, everything was a blur. Even though I did a BE in IT, I had no knowledge of cybersecurity concepts like SAST, DAST, SCA, pentesting, etc. Now it’s almost been 2 years, and I want to switch jobs because the pay is very low and I feel like I’m not growing. If I stay here, I feel like I’ll just waste my time.
I’m planning to take the CEH sometime this year and most likely the SC-200 this month. Right now, when I apply for jobs, my resume isn’t getting shortlisted.
I’ve heard that I need to do bug bounty, pentesting, and other hands-on work, but I don’t know how to start. I know there are a lot of roadmaps and materials out there, but I feel overwhelmed by the choices and confused about what to follow.
If anyone can guide me on how to proceed so I can switch jobs this year and actually learn these skills, I’d really appreciate it.
I’m also open to part-time opportunities where I can learn and contribute. I can dedicate around 3–4 hours per day.
Thank you in advance and this is my first time posting so idk much.