Same principle as a former burglar who now installs security systems or a former soldier who now works as a bodyguard. You’ve got the skills, you just want to use them in a different way!
Or even just a programmer that decides not to work for FAANG or whatever the acronym is now, and not use their skills for evil.
All the security folks I’ve worked with have seemed like posers who want to be seen as hackers but can do minor ui tricks at best.
Our last cyber security expert just kinda sat back and let the director do all the work and blindly accepted every single recommendation of Fortified…even the stuff that contradicted itself.
[ Their after hours hobby of illegally breaking into computers and websites ]
No comment
#opsec
Let’s just say there was more than one cow that jumped over the moon…
Is there any way to break into the field without being paid garbage? Are there part time options somewhere? Freelancing? Something so I can get that delicious xp to support my degree?
I started as part time without any experience durring my college. I was studying gamedev software engineering, but we had one voluntary class about Ethical Hacking.
I just asked my professor if he can reffer me to someone in the field, followed OWASP Web App Testing guide to the letter when testing the interview homework website, and landed the job without much prior experience (I did attend a few CTF competitions, though).
Just following the checklist in OWASP testing guide made my results comparable to, or even better to some of my colleagues, and I’ve slowly learned the rest (especially internal domain pentesting) from our internal documentation or shadowing seniors during pentests, and simply being interrested in the field, having initiative and looking up new tools and exploits eventually got me to a Red Team Lead role (not a very good RT, though, but it did improve eventually).
The pay was pretty good compared to what’s usuall here in Czech, too. I could comfortably pay rent and get by even with part-time, during college.
I’m writing this comment from the restroom at my part time student job at a cybersec-consulting firm so that’s definitely one way.
Yeah sorry, but I don’t get it. Sorry
I think the message is that many cyber security experts indeed gained their expertise by doing not so legal things when they were younger.
Heh, I came by my abortive (due to disability) cybersecurity career honest - I never really did much hacking, but I built and maintained networks for years and sorta just picked it up. Course it helps that I’d had a couple friends for years before I got into it who had been in the business a long time (one was the network security head for a Tier 2 ISP that covered most of the American Southwest, and the other was on the penetration-testing red team at a US government national laboratory) and liked to talk shop.
I’ve never been a black hat, so I’ll never be a white one. Maybe a white diaper. But I think I’ve missed out, I would be very interested in this stuff, but nah, I’m too old for this shit.
Taking a network fundamentals class right now and the last part of the module was network security, which I thought would be interesting. I couldn’t focus on it at all. It’s weird when you realize that something you thought would be cool can’t hold your focus.
It’s one of those things that sounds cool and fun, then you realize it’s mostly just paper work and reading logs.
I generally blame the instructors when that happens. I’ve taken classes on the most menial subjects that were great because the instructor was great. Almost anything can be enjoyable to learn if you have the right teacher.
I enjoyed all the other stuff in the module and he did fine. Extra points for being online learning and being able to speed up the lecture to keep my ADHD happy. Just that one was pretty bluh.
Can you share a link please ?
Sure. It’s on Coursera
Ty
It’s probably more fun when you’re at school, shutting the teacher’s computer down.
Same
The hand on the kids head is more terrifying than comforting, WTF
I’m in this photo and I don’t like it.
