Question time

I'm a security consultant at a Fortune 500 company. Ask me anything.

Come on, Sup Forums, shoot your questions at me!

Are you too fat for a real job?

What size shoes do you wear, and are they an accurate reflection of the size of your genitals?

What degree?

Might get in this with a CS degree in progress.

is it normal if my poop is like a puddle of mud but with blood?

not every time, but from time to time

I weigh around 70kg. So clearly not.

>What size shoes do you wear, and are they an accurate reflection of the size of your genitals?
Size 46 in Europe.

Did CS. Although the theoretical basis of my degree is a huge plus, learning stuff on the job is a must. And I wouldn't have gotten this job if not for my own interest/curiosity in security.

Does that mean you just do mundane shit like annoy your employers with checkpoint and the like?

I work as a developer and the day we brought on a full time security guy was the day we had to start doing faggot security tests, sign 2000 security documents, etc.

Also, our security guy just knows how to run his little security programs. He can't write code and just checks blocks. Nothing sexy like pen testing.

I'm sure you're like this right, glorified sysadmin?

What do you do for a living?

No, see a doctor about it.

>Does that mean you just do mundane shit like annoy your employers with checkpoint and the like?
Nope. Sounds like a huge scam desu. I provide real advice and do pentesting on a daily basis.
>I work as a developer and the day we brought on a full time security guy was the day we had to start doing faggot security tests, sign 2000 security documents, etc.
Classic huge corp. It's the same everywhere and top management doesn't have a clue about security.
>Also, our security guy just knows how to run his little security programs. He can't write code and just checks blocks. Nothing sexy like pen testing.
Of course we use tools to aid in pentesting. But if you're not putting manual effort in it you're a shitty pentester and you suck at your job. It's fun weeding out the skids when conducting technical interviews.
>I'm sure you're like this right, glorified sysadmin?
Nope. I run my own projects. Decide completely how to approach testing the service/device/... Part of my job is also reading up on the latest security news/vulns/tools/...

Guess what: Security Consultant.

It pays better than anyone else I know with my degree and experience.

Thanks for the reply and for confirming what I figured: it's a scam, at least in our company.

We (all developers and such) knew it and knew he was installing monitoring software on our systems, but the sec guy is buddy buddy with the CEO and apparently we're required to be under certain federal guidelines yada yada yada.

Fucking corporate welfare man.

Did you get that job right out of uni? How long can you maintain an erection?

How hard is it to get into that field?
Assuming one has CCNA level of knowledge (well, slightly higher), an analytic mind, and is able to learn (not memorize, but understand) stuff really fast?

>Fucking corporate welfare man.
There's so much bullshit being sold in the computer security field it's not even funny any more.

I've seen a pentest report of a company that contained barely any findings. Just some findings that Burp reported. When we tested the same website we found remote code execution, XSS, authorisation bypasses, ...

>Did you get that job right out of uni?
Yes. Did my master's thesis in security and only had a couple optional courses on security though. And while studying got in contact with the company through our university CTF team.

>How long can you maintain an erection?
Never measured really. Hours if I'm edging when browsing dank pr0n.

>How hard is it to get into that field?
At a shitty company? Piss easy I imagine. At a good company? Pretty hard. Our recruiting process is ruthless and that's necessary.
But if you want to get into it: Start doing wargames (e.g. overthewire.org), read some good books, ...
And then you can always test your skills by trying to get some bug bounties via e.g. HackerOne.

Wake me up

That's not really a question is it?

Can't wake up?

Care to recommend good books?
I went for a bad field (not IT related, getting my master's soon, at least it is free) and I want to re-specialize into something both interesting and that pays relatively well.

I'm an IT student from Costa Rica, just in my first year, but I've always thought about chasing security as a job. Would you recommend it? Does your company or any company you know outsource? Any foreign employees in your company or other companies you know?

The Web Application Hacker's Handbook definitely. But I think the Sup Forums wiki even recommends some nice books. Also you need to have that curiosity, that itch for knowing.

The security field is booming so any company that starts to realize the importance is hiring. And since my customer is such a big company they are hiring internationally if you're willing to relocate. Remote work might be possible in some more open-minded companies but even then that's probably not something they will allow starters to do.
It's definitely an interesting field to work in and since it's highly technical expertise it pays well.
If you're already interested in security start doing this . You can only learn pentesting well by doing it. Focus on concepts/vulns/attacks not on tools. Knowing the development side also helps since you can better imagine how silly devs might implement things.

What things do I need to know beforehand? Right now I know basic to very low level intermediate C++, I've messed around with databases a bit, recently transitioned to loonix hoping to learn more.

What do you recommend?

I can wake up pretty much whenever I want. Flexible hours, so that's nice.

Flexible work hours are my dream.
I usually get the urge to work at night.

Do you think someone with sufficient interest, dedicated time, and qualifications (in terms of ability to code, and knowledge of security systems) could get your position if they studied something else?

Say economics? I'm already third year in economics so there's not really any going back but I'm doing everything I can to load my resume with CS experience because this is the field I want to go into.

Really depends on what kind of security you are interested in.

Reversing? Then knowing C/C++/asm/... will of course be necessary.

Web application security? HTTP security, JavaScript, SQL/NoSQL, PHP, ...

But I'm a fan of having a broad basis. Because everything interacts with each other in the end.

Lots of people do. I think it's getting more and more common because it's just more productive in the end.

>Do you think someone with sufficient interest, dedicated time, and qualifications (in terms of ability to code, and knowledge of security systems) could get your position if they studied something else?
Sure. Most of the things I do in my job are self-learned. Of course with CS you have a really strong background. Also play the economics card to your advantage. To a lot of managers it's very valuable if you can talk in their language and be a translator between the technical part and the business part.

Both in recruitment at the consulting firm and the client we really don't give a shit about your degree. If you pass the tests it really doesn't matter. Just don't fucking lie on your CV. It's wasting everybody's time. We literally stopped an interview because some dude that allegedly gave a security course didn't know what the Secure cookie HTTP flag was.

Right, I'm going to sleep now. I'll check whether the thread is still alive when I'm awake; if that's the case I'll answer some more questions. If not, well, maybe see you another time!

It was nice talking to you anons.

What is the compensation exactly?

What vulnerabilities does this Fortune 500 company have?

thanks faggot

Tell me about an interesting exploit that you have had to deal with. Something not on the OWASP list.

Maybe I should rephrase. I am looking for an interesting story, not just "forgot to escape inputs and outputs" type of thing.

How do you keep Win 10 secure? :^)