I want to get into IT-Secutiry (Pen-Testing, Perhaps some grey-hat exploit peddling if I can acquire the skills, general hacky fuckery) but most online services just try to sell you their online-course.
Would some kind Sup Forumsentoomen give me some pointers?
Currently doing CS at Uni and bored out of my mind.
I'd appreciate the help.
Other urls found in this thread:
ufile.io
youtu.be
twitter.com
There was a good thread on it a while ago. It seems its hard to break into as a fresh graduate. I was thinking about doing it but decided to say fuck it and went with accounting instead. If it wasnt so hard to break into and employers realized the importance of infosec then it would be worthwhile. If youre bored with cs i dont see you liking infosec tho
Bored as in the courses are boring as shit. "Best practices of object orientation", come the fuck on I don't need some asshole telling me about object calisthenics.
I dont visit the board as often as i used to but i think theres a infosec general you could probably post in there as cancerous as generals can be tho.
I might have archived that thread tho let me see if i can upload it somewhere
Here it is my friend uploaded to some jewish looking site. Just an html file tho from a Sup Forums thread i saved on someone asking about the infosec field
Well shit, that's actually very helpful.
Thank you very much, my man.
Security is shit.
Don't fall to that meme. it's not really interesting, you get to to do a shitty job which nobody appreciates and you can't do freelance jobs with it.
Be a developer instead.
t. Security sysadmin/incident response for 3 years(FIrewalls,NAC, Forensics,reversing etc).
Archive user here, whats a daily day look like for you? Even though i pursued another field i still am curious about the security side of things
After just about becoming a senior software developer at my firm I just don't see the appeal.
You get to do everything you're told by some PM and get fucked every chance they get.
I am now a modified version of a regular sysadmin but with security systems instead of normal enterprise systems.
I make firewall rules, security policies, WAF, proxy, Antivirus,IPS etc but most of the time I deal with angry users who can't access some server or a program, or their printer gets disabled by NAC security policy.
Back in the day in my previous jobb I did some SOC monitoring, Host forensics and some malware analysis. I didn't really like it. It was like searching for a needle in an endless haystack.
If you still want to get into security I suggest security researcher, developer of security programs or pentester. all else is pretty mundane at best
God sounds pretty fucking boring. Glad i just keep computers as a personal hobby. I wish the op luck in his quest to not be bored
OP here.
What's your take on pentesters?
Ikr, im currently learning to be a developer and be a freelance mobile app/web dev.
Already know server sode Java, some node.js,Python and some client side
Depends.
You can be some boring pentester who runs automated tools like a retard, or actually do some reconnaissaance work,social engineering, develop your own exploits and researching them. I suggest the latter
Every prof is either shilling low-level programming or Admin jobs and encourage you to now get into development.
But if that floats your boat, really hope it works out for my my nigga.
Just got a job at an SOC, pays double what I make currently as a technician and i don't have a degree.
I got lucky, but all i really did was mess around in a home lab, watch videos on youtube and cybrary, and read some security+ stuff. I also keep up on news with blogs etc and watch defcons a lot on youtube. Mostly they just liked me a lot, so i guess I would suggest to learn the basics and find somewhere that you get along with the people there really well. My understanding is that they'll provide all the training I'll need. I have a genuine interest in the field and am 99% certain it's where I want to end up, also I have no desire to be a boring pentester like another user mentioned earlier, and I think the interviewers could tell i was serious and have a lot of ambition/potential
Also refine the shit out of your resume so you can at least get on a company's radar and promise you'll learn what you need to get hired even if it's in the future
I'll get my degree, I'm way too comitted now.
Right on, I wasn't implying that you shouldn't, you'll might even be more prepared than I am afterward. Just letting you know that it's definitely possible to break into the field early on.
Thanks, I appreciate it, good to hear.
So, you recommend some cybrary on the side, perhaps some CTF and whatnot. What blogs/sites do you frequent?
Schneier, krebs, thn, wired has some alright articles sometimes under threat leveo, dark reading, etc., and general tech stuff like ars, techspot, cnet sometimes, etc
Also learn what you can about policy and social engineering, both are sometimes overlooked by degree programs and it might not be obvious that both are essential. Sec+ material is decent for the former. Recommend watching this as a primer for the latter youtu.be
Oh, check out the Metasploitable course (free) by the OSCP guys. Having a home lab is essential to learning, and that's a pretty great place to start (not to assume anything, I just don't know your experience/situation).