Security side gigs.

Do any of you guys have a side gig that you like? I would like to start stacking cash for retirement. I live in an area where the cost of living is extremely low, so moving off doesn't make a lot is sense at this point. I will have fiber to my home up and running by the end of fall, so I could work from home with plenty of bandwidth.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

ITSpectre

I collect chickens from the country part of VA where I used to live at and sell the eggs for profit.... Small gains and I have to compete with large grocers

Kidding.....

But I do a small amnt of tech support and I started doing Computer repair and restorations. I like to take old PCs that people are throwing away and fix them and see if I can use the parts to fix other computers. I also do a small amnt of tech support and help people with their computer issues. What I like about PC restoration is I get to work with my hands and tools to fix things.... Ive always liked watching those handyman shows that were on TV on Sat mornings before the cartoons came on.... I said why not do that with Computers. What I hope it will turn into is a side job for me so I can have a small repair shop part time and be able to use the parts from all the computers I salvaged to fix other computers.

Ertaz

ITSpectre wrote: »

I collect chickens from the country part of VA where I used to live at and sell the eggs for profit.... Small gains and I have to compete with large grocers

Kidding.....

But I do a small amnt of tech support and I started doing Computer repair and restorations. I like to take old PCs that people are throwing away and fix them and see if I can use the parts to fix other computers. I also do a small amnt of tech support and help people with their computer issues. What I like about PC restoration is I get to work with my hands and tools to fix things.... Ive always liked watching those handyman shows that were on TV on Sat mornings before the cartoons came on.... I said why not do that with Computers. What I hope it will turn into is a side job for me so I can have a small repair shop part time and be able to use the parts from all the computers I salvaged to fix other computers.

Sadly, all of my side computer work is completely pro bono. Little old ladies from church will bring me their PCs and I will remove every Trojan they've clicked on... It usually ends up being a rebuild if the malware is too nasty. I just can't stand the notion of Best Buy charging these people $150 to only marginally repair their system. Many of them are on social security so that represents a big portion of their monthly income.

ITSpectre

Ertaz wrote: »

Sadly, all of my side computer work is completely pro bono. Little old ladies from church will bring me their PCs and I will remove every Trojan they've clicked on... It usually ends up being a rebuild if the malware is too nasty. I just can't stand the notion of Best Buy charging these people $150 to only marginally repair their system. Many of them are on social security so that represents a big portion of their monthly income.

Speaking of best buy.... that is the MAIN reason why I wanted to get into PC repair. Best Buy (I know former geek squad techs) really do not repair your PC... they use a free program to remove viruses and trojans etc... then they want to charge 200.00 just to look at your PC. Then if the PC cant be saved they back up the data and wipe it and do a reinstall then put all your stuff back on the PC. And I can do the same job for less then 200.00 and still make a profit. For me its about helping people and teaching them about technology.... tech is ever changing and its leaving a lot of people behind.

SaSkiller

I'm looking for a second job as a Security Analyst, no luck yet.

thomas_

@Ertaz - I'm not sure what type of security side gigs you are looking for, but on Upwork I occassionally see people posting jobs for help in securing their website after hacks and/or cleaning up their websites from hacking attacks. If that's not your cup of tea, they have a search function where you can do a keyword search to try to find jobs that would interest you.

Cyberscum

Get a free vulnerability scanner and get very good using it. Then advertise for maybe a couple hundred bucks to scan local businesses websites, networks/drives etc for a few hundred bucks. You don't even have to offer a solution, some are content with just knowing.

Kali (Linux) has some great scanners with decent public support.

Try distrowatch for a clean download mirror.

pinkydapimp

Cyberscum wrote: »

Get a free vulnerability scanner and get very good using it. Then advertise for maybe a couple hundred bucks to scan local businesses websites, networks/drives etc for a few hundred bucks. You don't even have to offer a solution, some are content with just knowing.

Kali (Linux) has some great scanners with decent public support.

Try distrowatch for a clean download mirror.

Totally this. Or even just high level security consultation on best practices. Many small business might pay you good money for some advise. Maybe volunteer for a few companies and ask for them be references for you.

billDFW

pinkydapimp wrote: »

Totally this. Or even just high level security consultation on best practices. Many small business might pay you good money for some advise. Maybe volunteer for a few companies and ask for them be references for you.

Cyberscum wrote: »

Get a free vulnerability scanner and get very good using it. Then advertise for maybe a couple hundred bucks to scan local businesses websites, networks/drives etc for a few hundred bucks. You don't even have to offer a solution, some are content with just knowing.

Kali (Linux) has some great scanners with decent public support.

Try distrowatch for a clean download mirror.

Hello guys, interesting posts. What kind of "good money" are these small businesses paying ? Is it a one-time fee for a one-time audit/review, or an ongoing relationship, for a larger XXXX fee ? How long (time) does it take to scan a local business website ? If one were to charge $500 to do this, I wonder how many you can do in a week or a month.

I will be studying for my Network+ and Security+ and hope to have them by end of year. I also am looking at entry-level cyber security jobs and also would like to try to build experience, etc.

Thank you for your help

Cyberscum

billDFW wrote: »

Hello guys, interesting posts. What kind of "good money" are these small businesses paying ? Is it a one-time fee for a one-time audit/review, or an ongoing relationship, for a larger XXXX fee ? How long (time) does it take to scan a local business website ? If one were to charge $500 to do this, I wonder how many you can do in a week or a month.

I will be studying for my Network+ and Security+ and hope to have them by end of year. I also am looking at entry-level cyber security jobs and also would like to try to build experience, etc.

Thank you for your help

Well, to be honest almost no one is going to let you do any of this to thier network without a proven track record or some serious luck. If u know security then u know that there are countless rules and regs not to mention SLAs, insurance and other barriers you will have to overcome.

Start with baby steps. Build a virtual network and practice. Once u feel comfortable try and brach out to businesses. I had luck at first with churches and u would be surprised how elaborate their networks can become.

Good luck.

pinkydapimp

billDFW wrote: »

Hello guys, interesting posts. What kind of "good money" are these small businesses paying ? Is it a one-time fee for a one-time audit/review, or an ongoing relationship, for a larger XXXX fee ? How long (time) does it take to scan a local business website ? If one were to charge $500 to do this, I wonder how many you can do in a week or a month.

I will be studying for my Network+ and Security+ and hope to have them by end of year. I also am looking at entry-level cyber security jobs and also would like to try to build experience, etc.

Thank you for your help

How much they might pay really depends on what services you provide. With no experience i can’t imagine all that much. But its still a way to get experience which should be the main goal with this.

Like Cyberscum mentioned you won’t be trusted with anything serious. But you could still provide high level best practices. Like, checking to see that they have anti virus, confirming its up to date. Checking that passwords on routers and computers are strong and not all the same. Confirming they change them regularly. Basic stuff like this should be helpful to small businesses. Just make sure to defer to more skilled folks for anything more serious like meeting compliance or ensuring firewalls are properly secured, etc.

billDFW

Thank you !

UnixGuy

Cyberscum wrote: »

Get a free vulnerability scanner and get very good using it. Then advertise for maybe a couple hundred bucks to scan local businesses websites, networks/drives etc for a few hundred bucks. You don't even have to offer a solution, some are content with just knowing.
....

^^ I really like this idea mmmm....maybe once I cert up and build more experience.

Cyberscum

UnixGuy wrote: »

^^ I really like this idea mmmm....maybe once I cert up and build more experience.

I will tell you (and for the OP) that there is a huge market for consulting. I can't even count how many SMB's out there operate their networks like the wild wild west.

If you can get very comfortable with NMAP, wire shark and OpenVAS you can help these SMB's out tremendously by actually mapping their networks, looking for obvious congestion and securing obvious misconfigurations.

Using these three tools makes that job very easy and you could make a pretty penny in the process.

If you are a natural salesperson you are golden...but most SMB's are able to see the value in this trio for the right price.

Cyberscum

The hardest part IMHO is navigating the legal side abd covering your rear if a company that you "secured" gets hacked...they will always point the finger at you as you were the "expert" that provided the services.

CYA with paperwork, paperwork, paperwork...

Ertaz

Thank you guys for all the responses. Hopefully I will have my CASP at the end of the month, then move on to something more technical after that. It looks like I need to to start my own business and get licensed/bonded/insured.

Cyberscum

Ertaz wrote: »

Thank you guys for all the responses. Hopefully I will have my CASP at the end of the month, then move on to something more technical after that. It looks like I need to to start my own business and get licensed/bonded/insured.

CASP is a great cert, but IMO I would go CISSP (even if its the associate) as it is the most recognized security cert. Its not technical by any means and has the most ROI if you are just looking at getting some security credentials. If you are looking for actual knowledge in what we are discussing I would go OSCP (but might be a HUGE learning curve).

If you are only looking at starting a biz with a very straight forward offering of basic security I would do the following.

Get your CISSP>Get a few books on KALI and learn it like your job depends on it>network and get your name out there at local IT, school and small biz events. Oh, and get some legal advice or a lawyer

Ertaz

Cyberscum wrote: »

CASP is a great cert, but IMO I would go CISSP (even if its the associate) as it is the most recognized security cert. Its not technical by any means and has the most ROI if you are just looking at getting some security credentials. If you are looking for actual knowledge in what we are discussing I would go OSCP (but might be a HUGE learning curve).

If you are only looking at starting a biz with a very straight forward offering of basic security I would do the following.

Get your CISSP>Get a few books on KALI and learn it like your job depends on it>network and get your name out there at local IT, school and small biz events. Oh, and get some legal advice or a lawyer

Got my CISSP already. Wanted a more hands-on cert with the CASP. I already bought the voucher for the CASP and I'm %90 prepared for it. I ran backtrack before it became KALI, so I'm not totally new

Cyberscum

Ertaz wrote: »

Got my CISSP already. Wanted a more hands-on cert with the CASP. I already bought the voucher for the CASP and I'm %90 prepared for it. I ran backtrack before it became KALI, so I'm not totally new

Oh snap!

I read a post from BILLDFW talking about net/sec+ and thought it was the OP.

Disregard the last few posts.

UnixGuy

Cyberscum wrote: »

....

If you are a natural salesperson you are golden...but most SMB's are able to see the value in this trio for the right price.

I'm a natural salesman/bs artist of sort....I worked in the performing arts since I was a kid so my people skills are way above average.....you got me thinking....once I finish my certs and job change...that's what Im gonna do!

billDFW

Cyberscum wrote: »

Oh snap!

I read a post from BILLDFW talking about net/sec+ and thought it was the OP.

Disregard the last few posts.

Cyber: thank YOU for keeping me in mind.

Ertaz: Don't you need some real-world experience to get the CISSP ? (maybe you indeed have that, just asking)

pinkydapimp

billDFW wrote: »

Cyber: thank YOU for keeping me in mind.

Ertaz: Don't you need some real-world experience to get the CISSP ? (maybe you indeed have that, just asking)

for the CISSP you need about 5 years real world experience. However, you can take and pass the test with out the experience and you will have learned a ton. You will not have a CISSP however. You will be an "Associate of ISC" which doesnt hold a ton of weight. However, once you get the experience you will get the CISSP credential since you already passed the test.

Ertaz

billDFW wrote: »

Cyber: thank YOU for keeping me in mind.

Ertaz: Don't you need some real-world experience to get the CISSP ? (maybe you indeed have that, just asking)

Yes, I have around 20 years securing things as part of my job, I've been a Cisco Certified Security Professional(Now CCNP-Security), HP-UX Certified System Administrator, Alcatel Certified Switch Professional, Certified Novel Admin. Those have all expired so I don't list them. I wasn't in a job role where I could renew them

. I now do Vulnerability Management. I got my SEC+ in August and my CISSP a month ago.

I like my current role. The hours are normal, there is no on-call. I would like to apply my free time to earn some extra cash.

Cyberscum

Well I figure that if everyone on this thread isinterested in relatively the same consulting path why not get together to hone in our skills.

I'm not saying start a biz, but work together to master the offering and start our own services.

I've worked a few years with eye retina, ACAS and Kali for gov agencies so I know the gov side, but am interested in learning the civil side.

I'm down getting together with anyone likeminded and willing to learn a lot.