Is it possible to volunteer for small Information security projects?

jaguaar Member Posts: 58
I understand that security is a major concern for any organization and therefore getting volunteer type of work is out of the question. However, I do want to gain some practical field experience, be it doing some research or engaging with vendors or 3rd party suppliers or penetration testing etc.
So is there any way I can become part of such projects on a volunteer basis for a couple of weeks? Or do you have any other advice for someone in my position?

Comments

  • Danielm7 Member Posts: 2,309
    I'm normally all for suggesting volunteer work as a way of getting experience but I'm a little confused on what you want to offer. You want to go to businesses and offer to engage with vendors? Or you want to do penetration tests? Do you know how to do any of these things already or hoping to learn on the fly with their security?
  • yoba222 Senior Member Member Posts: 1,232
    No idea how to join but this caught my eye last month:
    https://cobalt.io/
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • scaredoftests Security +, ITIL Foundation, MPT, EPO, ACAS, HTL behind you Mod Posts: 2,781
    Equifax might need some help....
    Never let your fear decide your fate....
  • Phalanx I have many leatherbound books... United Kingdom Member Posts: 331
    yoba222 wrote: »
    No idea how to join but this caught my eye last month:
    https://cobalt.io/

    https://app.cobalt.io/users/sign_up/tester
    Client & Security: Microsoft 365 Modern Desktop Administrator Associate | MCSE: Mobility
    Server & Networking: MCSA: Windows Server 2016 | MTA: Networking Fundamentals
    Data Privacy & Project/Service Management: PECB GDPR DPO/Practitioner | ITIL 2011: Foundation | CompTIA Project+
    Currently Studying: Microsoft 365 Enterprise Administrator Expert
  • NetworkNewb Member Posts: 3,298
    Build a home lab. Or try bug bounty programs.

    Gonna be pretty unlikely a company is going to want someone who is willing to work for free to help them out with their security. I hope so anyways.
  • jaguaar Member Posts: 58
    G'Men
    Thanks for the replies. I think I should elaborate my situation a bit more.
    I have worked in IT infrastructure, Technical support, Physical security and Auditing, and Networking for several years. I have also worked with some aspects of cyber security including Identity and Access Management, Basic log analysis, Network security and some Vuln testing etc. However I worked for only two companies, both job titles were Technical support specialist and Technical support Analyst. I feel that I need to have the following two if I want to move into pure cyber security roles:
    1. Extensive hands on experience involving real life GRC, SIEM, IAM and Network security situations.
    2. At least 1 or two companies in my work experience section on my resume with job titles having security.
    So the question is how do I get the above?
    For 1, I am doing extensive study of whatever videos and examples I can find on the net including the paid and free ones on Udemy, YouTube, Cybrary etc. However I can't seem to find real life examples, for example of SIEM logs showing SQL injection attack or a SIEM log showing network intrusion attempts. Any suggestions where can I find such stuff that is more real life like? (I am also labbing trying to set up my own network at home with routers/switches/ firewalls and doing pen testing, scanning etc)
    For 2 - I am lost! How do I get at least 1 or two pure cyber security job experiences with security in job titles quickly? One option that crossed my mind was to volunteer if possible.
    Does anyone have any suggestions for me?
  • Danielm7 Member Posts: 2,309
    jaguaar wrote: »
    G'Men
    I am lost! How do I get at least 1 or two pure cyber security job experiences with security in job titles quickly?
    You don't, you apply to jobs just like everyone else does. You said yourself you've already done IAM, log analysis, network security, vuln testing, so highlight those things in your job roles now. Job titles aren't everything, maybe you're trying to walk right into a Sr level role which isn't likely to happen on your first job, nor should it.

    Maybe work with a recruiter that can sell the fact that you're doing security tasks now but just don't have a 100% security title? I had the same problem moving into security myself. I don't know of a magic bullet that quickly puts multiple security jobs on your resume, if so everyone would be doing it already.
  • jaguaar Member Posts: 58
    Danielm7 wrote: »
    You don't, you apply to jobs just like everyone else does. You said yourself you've already done IAM, log analysis, network security, vuln testing, so highlight those things in your job roles now. Job titles aren't everything, maybe you're trying to walk right into a Sr level role which isn't likely to happen on your first job, nor should it.

    Maybe work with a recruiter that can sell the fact that you're doing security tasks now but just don't have a 100% security title? I had the same problem moving into security myself. I don't know of a magic bullet that quickly puts multiple security jobs on your resume, if so everyone would be doing it already.
    Danielm7
    Thanks for your post. Yes, I agree that slow and steady advance should be the preferred way to further the career but I am not sure if my resume will be of any interest to prospective employers particularly when there are so many other candidates. Everyone complains about skills shortage but heavens forbid if they have to train someone.
  • Danielm7 Member Posts: 2,309
    I totally understand the struggle. But, if they have lots of other candidates with the proper skillset then there isn't really a shortage at all. Work on your resume, if you want to be able to speak more into things like SIEM then you can install the OS version of AlienVault, play with Splunk, etc. Even if you were a master of one then a new system presents new challenges, you'd have to learn new systems anyway. Sell yourself as having the background to do that and you should be OK when you find the right company.

    Any security specific education or certs? Anything that shows you're making more of an attempt at specializing?
  • EANx Member Posts: 1,078
    Skills shortage = shortage of people I don't need to train from the ground up.

    I'm willing to take a chance on someone a little short on skills if they show passion and a home lab is one way to do that. You say you're "trying to set up my own network at home with routers/switches/ firewalls and doing pen testing, scanning etc". "Trying" is a cop-out, you either are or you aren't. With VMware Workstation Player and a host of evaluation products from companies like Splunk and Palo Alto, never mind Kali and vulnhub, there's little cost associated with learning. If you want the benefit of the doubt, you have to give hiring managers a reason to believe you are doing everything you can to learn.

    So what, specifically, have you been doing to demonstrate passion?
  • jaguaar Member Posts: 58
    EANx wrote: »
    Skills shortage = shortage of people I don't need to train from the ground up.

    So what, specifically, have you been doing to demonstrate passion?
    EANx - I have, first of all, compiled a list of must have or most demanded skills based on my scan of job boards etc. Have short listed quite a bit of stuff and started with a course and hands on practice of Wireshark, QualysGuard and SIEM logs. I also tried quite hard to find a video example of an actual incident response but have not been able to find anything concrete.
  • tedjames Scruffy-looking nerfherdr Member Posts: 1,179
    Re: incident response, I don't know if this is what you need, but it might just help:

    https://www.youtube.com/results?search_query=security+incident+response

    Udemy.com also has a couple of $20 courses on incident response. Even if they're not great, you don't have much to lose.

    Cybrary also has a course.



  • jaguaar Member Posts: 58
    Tedjames, thanks a bunch for posting the links. I saw several of these today. While I understand the concept and methodology now, I can't find an example of a real incident which I think will be of immense help for me to understand how things work out in real life in enterprises. Even made up examples would be fine as long as they list the step by step actions. But so far nothing.
    tedjames wrote: »
    Re: incident response, I don't know if this is what you need, but it might just help:

    https://www.youtube.com/results?search_query=security+incident+response

    Udemy.com also has a couple of $20 courses on incident response. Even if they're not great, you don't have much to lose.

    Cybrary also has a course.



  • tedjames Scruffy-looking nerfherdr Member Posts: 1,179
    You'd be hard pressed to find actual incident data. Nobody wants to admit that they had an incident. Nobody wants to show their weaknesses. However, you may find some sanitized incident data. I took some great incident handling courses from Carnegie Mellon University. You may check their website to see if they have any free info.
  • jaguaar Member Posts: 58
    Will this qualify as incident response, containment, something very similar to real life incidents?
    close enough?
    https://www.youtube.com/watch?v=OH_ezYXQ7w4