Reality Check

So as some of you know I'm pursuing the occupation of pentester/sec researcher. My ultimate goal would be malware analyst/monitoring global threats/research. It seems that nowadays everybody wants to be a l33t h@x0r cyber security <insert buzzword> etc etc...I blame TV. I was browsing IT books at a store and some dude asks me if he can start hacking websites as soon as he learned that "C" language.

I should have told him that he needed visual basic (Ref: GUI interface using visual basic to track the killers IP address CSI - YouTube)

I understand that being in the security realm demands broad exposure to many underlying technologies within IT. That is why I went with networking in the first place way back when I was looking at my AAS. I figured that I would see more than just being a software developer.

Am I ready to start trying to get into the pentesting field? I just really want to avoid being yet another script kiddie.

I have an AAS in networking and a BS in IT Security. I have 2.5 yrs experience as a "network analyst" in both a university and health care environment. I've handled (in the real world) VoIP, wireless, switches, a little routing and firewalls, site-to-site VPNs, billing software, ticketing systems, a linux HPC, a lovely Nortel PBX, basic Sys Admin stuff (MS and Centos/Redhat/Debian(apache/cacti/ssh/etc), and a ton more stuff I forget about. I admit that I'm still a relative noobie in the world of IT, but I've at least been exposed to a fair amount.

I'm not letting myself get put off by the waves of other wannabees surging into this field, but I want to make sure I'm being realistic with myself. I intend to make my first real plunge into that world by pursuing the OSCP which I think I'll be starting on the 25'th.

So assuming I get the OSCP, could I realistically hope to find somewhere willing to take on a junior pentester hopeful like me? I'm already trying to start networking by going to meetup groups and talking to people.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

olaHalo

I think you're doing fine and way ahead of the skids.
The "wannabees" dont have your credentials, knowledge, or even a basic understanding of networking, IPsec, or IT in general.
If you lived where I live you get easily get a job doing what you want right now.

Cold Titanium

Heh, got any links to these jobs?

I'm willing to go just about anywhere! I'm all fired up and raring to go!

olaHalo

Cold Titanium wrote: »

Heh, got any links to these jobs? I'm willing to go just about anywhere! I'm all fired up and raring to go!

We just hired a "network security admin" where I work.
Hes a great guy but his credentials dont match yours at all. I actually wanted to at least interview for the position but Im too new to the company to transfer.
After talking to him a bit he said he gets calls all the time...

docrice

It sounds like you have the right attitude. Broad exposure is important, but being able to understand things in-depth is also necessary. It's also unrealistic to expect everyone in infosec to have great depth on every subject area, which is why even offsec folks have to specialize while commanding at least a decent understanding of tangible areas.

There's probably a growing demand in the infosec area so the opportunities are presumably more abound than in years past. In that sense, it may be easier to get into security these days because of the awareness of this need, but you have to be able to earn that trust at the skill and personal level. The raw skills to break into environments is good, but knowing what to recommend to clients on defending against those break-ins is equally important.

Keep punching the digital holes (figuratively and literally), write blogs, talk to peers, make connections, and you'll probably find yourself in a good spot soon. In the meantime, leverage your current position(s) to hone your defense-side skill and be able to extrapolate what the threats/risks look like that you're mitigating against.