Reality Check
Cold Titanium
Users Awaiting Email Confirmation Posts: 82 ■■□□□□□□□□
So as some of you know I'm pursuing the occupation of pentester/sec researcher. My ultimate goal would be malware analyst/monitoring global threats/research. It seems that nowadays everybody wants to be a l33t h@x0r cyber security <insert buzzword> etc etc...I blame TV. I was browsing IT books at a store and some dude asks me if he can start hacking websites as soon as he learned that "C" language. I should have told him that he needed visual basic (Ref: GUI interface using visual basic to track the killers IP address CSI - YouTube)
I understand that being in the security realm demands broad exposure to many underlying technologies within IT. That is why I went with networking in the first place way back when I was looking at my AAS. I figured that I would see more than just being a software developer.
Am I ready to start trying to get into the pentesting field? I just really want to avoid being yet another script kiddie.
I have an AAS in networking and a BS in IT Security. I have 2.5 yrs experience as a "network analyst" in both a university and health care environment. I've handled (in the real world) VoIP, wireless, switches, a little routing and firewalls, site-to-site VPNs, billing software, ticketing systems, a linux HPC, a lovely Nortel PBX, basic Sys Admin stuff (MS and Centos/Redhat/Debian(apache/cacti/ssh/etc), and a ton more stuff I forget about. I admit that I'm still a relative noobie in the world of IT, but I've at least been exposed to a fair amount.
I'm not letting myself get put off by the waves of other wannabees surging into this field, but I want to make sure I'm being realistic with myself. I intend to make my first real plunge into that world by pursuing the OSCP which I think I'll be starting on the 25'th.
So assuming I get the OSCP, could I realistically hope to find somewhere willing to take on a junior pentester hopeful like me? I'm already trying to start networking by going to meetup groups and talking to people.
I understand that being in the security realm demands broad exposure to many underlying technologies within IT. That is why I went with networking in the first place way back when I was looking at my AAS. I figured that I would see more than just being a software developer.
Am I ready to start trying to get into the pentesting field? I just really want to avoid being yet another script kiddie.
I have an AAS in networking and a BS in IT Security. I have 2.5 yrs experience as a "network analyst" in both a university and health care environment. I've handled (in the real world) VoIP, wireless, switches, a little routing and firewalls, site-to-site VPNs, billing software, ticketing systems, a linux HPC, a lovely Nortel PBX, basic Sys Admin stuff (MS and Centos/Redhat/Debian(apache/cacti/ssh/etc), and a ton more stuff I forget about. I admit that I'm still a relative noobie in the world of IT, but I've at least been exposed to a fair amount.
I'm not letting myself get put off by the waves of other wannabees surging into this field, but I want to make sure I'm being realistic with myself. I intend to make my first real plunge into that world by pursuing the OSCP which I think I'll be starting on the 25'th.
So assuming I get the OSCP, could I realistically hope to find somewhere willing to take on a junior pentester hopeful like me? I'm already trying to start networking by going to meetup groups and talking to people.
2014 Goals
- Pass OSCP (In Progress)
- Obtain employment in IT Security
Comments
-
olaHalo Member Posts: 748 ■■■■□□□□□□I think you're doing fine and way ahead of the skids.
The "wannabees" dont have your credentials, knowledge, or even a basic understanding of networking, IPsec, or IT in general.
If you lived where I live you get easily get a job doing what you want right now. -
Cold Titanium Users Awaiting Email Confirmation Posts: 82 ■■□□□□□□□□Heh, got any links to these jobs? I'm willing to go just about anywhere! I'm all fired up and raring to go!2014 Goals
- Pass OSCP (In Progress)
- Obtain employment in IT Security
-
olaHalo Member Posts: 748 ■■■■□□□□□□Cold Titanium wrote: »Heh, got any links to these jobs? I'm willing to go just about anywhere! I'm all fired up and raring to go!
Hes a great guy but his credentials dont match yours at all. I actually wanted to at least interview for the position but Im too new to the company to transfer.
After talking to him a bit he said he gets calls all the time... -
docrice Member Posts: 1,706 ■■■■■■■■■■It sounds like you have the right attitude. Broad exposure is important, but being able to understand things in-depth is also necessary. It's also unrealistic to expect everyone in infosec to have great depth on every subject area, which is why even offsec folks have to specialize while commanding at least a decent understanding of tangible areas.
There's probably a growing demand in the infosec area so the opportunities are presumably more abound than in years past. In that sense, it may be easier to get into security these days because of the awareness of this need, but you have to be able to earn that trust at the skill and personal level. The raw skills to break into environments is good, but knowing what to recommend to clients on defending against those break-ins is equally important.
Keep punching the digital holes (figuratively and literally), write blogs, talk to peers, make connections, and you'll probably find yourself in a good spot soon. In the meantime, leverage your current position(s) to hone your defense-side skill and be able to extrapolate what the threats/risks look like that you're mitigating against.Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/