Anyone work as a penetration tester or in cyber security? Is it as exciting as Mr. Robot makes it out to be?
Netsec is a specialty career. Think of it like underwater welding. First you learn to weld, then you learn to do it with a specific set of tasks under worse conditions. That's Netsec. Now go learn about system administration, scripting, and come back in a few years.
stick to flipping burgers kiddo
Can I get into it without a college degree?
60k € In Spain. That's a lot.
in reality it is 49% recon, 1% exploitation, and 50% reporting
there are many different paths to take though which is good, and on top of that many different colors of teams you can be a part of.
i enjoy it though
I'm trying to, at this point, teach myself cyber/network security. I'd say I am just now kind of understanding what it is I need to be spending my time working on.
I've got a homelab setup with several linux distros, windows, metasploit etc... spending most of my time trying to become more fluent in python and its related libraries, as well as trying to become more capable with linux and pentesting related tools (nmap, wireshark).
While I am learning more about the mechanics of networks just by playing around with all these different things I still feel like there is a large gap of basic network infrastructure information that I am missing.
Any advice on books to read or anything else to help supplement my learning?
you will have a MUCH greater chance of breaking through if you go to school for it. this is only the case if you actually go to a good school, namely one that is getting money from the government for their program.
there are a couple of schools in the midwest and surrounding areas that are good, omaha, south dakota, oklahoma... if you pick correctly you will have to turn down job offers when graduating
is cybersecurity le epic intense hacking
No, it's running a series of applications while you monitor for statistics then documenting everything into a nice big report.
If you're really lucky you get to make powerpoint presentations to brief middle aged women on why they shouldn't open suspicious files sent through email and disable the antivirus.
Well I am currently working on a computer science degree at my city's community college. But I only plan to do that for another semester or so before moving to an actual university. Any recommendations on what degrees/schools to be looking at?
It seems practical work experience is super important to get while I'm working on a degree, it seems like ideally I would want to get some sort of internship between school years to boost a resume once I have some marketable skills...
Yes if they give you the opportunity to prove to them you know what you're doing
like i said, oklahoma, omaha, south dakota...
some are better than others. you should have no problem at all getting an internship if you do your research and choose correctly
After I got out of school I tried jockeying for an entry-level position to align me toward netsec, network engineer, etc. Long story short, I'm now a "DBA" but I haven't had to seriously query a database in weeks. What can I do to get my career back on track and move away from having to tell Business IT that what they want is retarded, but I'll do it if they pay for it?
Yes, but you can also get into a CEO position without a degree. It just is not likely to ever happen. Security positions generally require years of generalized knowledge in IT first.
I make mmorpg haxes (never sold them) and have exploited shitty bugs like the ones on xploooitdb
I'll be honest, there are no real 'H4CK1NG' courses, you learn this by becoming a better programmer and starting to understand how programs actually work, otherwise you'll end up either a script kiddie or just someone who tried to be edgy but failed/gave.
What most people consider intelligent "hacking" is really exploiting and exploits primarily come from amassing such a knowledge in something that you learn how to break it or spend so much time with it that you just get lucky and happen across an exploit.
This explanation makes a lot more sense when people realize hacking isn't balaclavas and mainframes, think of hacking as some guy 'hacking' two pieces of hardware together which requires a knowledge of how those things work and the ability to predict what will happen when joined.
Anyone have a list like this for Canada?
it's a meme. They run scans and then go to the team that specializes in it linux/windows and are like
uhhh you have a hole here you're going to need to fix that.
then the team fixes the issue. Watching infosec team use CLI is painful. Had to explain how mounting in Linux works for about 15 minutes to one guy.
I do. Standards conformance and pentesting.
It's pretty boring, mostly reporting. The fun stuff is vulnerability analysis and exploit development. If you can get into vulns research or exploit development, you've got the real Mr. Robot job.
nyu, cmu, all the top cs schools (ucb, ucla, ucsd, stanford, harvard, mit, caltech, usc, uta, columbia), any nsa recognized center of excellence, whatever you can get into
most netsec people start with reverse engineering and software exploitation then get into general it/networking stuff as they become able to exploit/reverse more complicated multi-tiered programs. no one starts by hacking custom encrypted client-server programs in a hardened linux environment.
ps- phrack had rop gadget stuff in the early 2000s. control flow guard and emet with microsoft edge sandboxing is considered state of the art for windows. pax on redhat/ubuntu is state of the art for linux.
Modern bug finding is turning into applied maths with SMT solvers and complex grammar fuzzing based on malloc/ptr targeting. Usually this requires tracing program input, tracing syscalls, finding resource allocation routines, finding resource garbage collection routines, finding security check routines and then writing some custom input mutators which are then run across a customized cloud environment. Then comes the hurry up and wait part followed by crash dump triage and analysis.
You can find bugs with dumb fuzzers, but most of those are found by developers or low level security people looking to make a name for themselves. Old code like popular shared libraries may contain exploitable bugs, but most of the low hanging fruit is gone. Tools like ASAN, MSAN, UBSAN and Valgrind are pretty easy to use. zzuf, honggfuzz and AFL are simple as well.
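An added example, not part of any post in this thread: the difference between a dumb fuzzer and a custom input mutator, followed by crash triage, run against your own code. The `TLV1` format, the planted bug and every function name here are constructed for illustration.

```python
import random, struct, zlib
from collections import Counter

INTERESTING = (0x00, 0x7F, 0x80, 0xFF)  # boundary bytes a mutator tries more often

def build(payload: bytes) -> bytes:
    """Constructed toy format: magic, u16 length, payload, CRC32 of the payload."""
    return (b"TLV1" + struct.pack("<H", len(payload)) + payload
            + struct.pack("<I", zlib.crc32(payload)))

def parse(data: bytes) -> str:
    """Toy target under test: rejects malformed input, raises on the planted bug."""
    if len(data) < 10 or data[:4] != b"TLV1":
        return "reject"
    (n,) = struct.unpack_from("<H", data, 4)
    payload, tail = data[6:6 + n], data[6 + n:10 + n]
    if len(payload) != n or len(tail) != 4:
        return "reject"
    if struct.unpack("<I", tail)[0] != zlib.crc32(payload):
        return "reject"  # security check that random byte flips never get past
    if payload[:1] == b"\xff" and n > 8:
        raise IndexError("planted bug: tag 0xff with long payload")
    return "ok"

def dumb_mutate(rng, seed: bytes) -> bytes:
    """Overwrite 1-4 random bytes anywhere, with no knowledge of the format."""
    buf = bytearray(seed)
    for _ in range(rng.randint(1, 4)):
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)

def aware_mutate(rng, seed: bytes) -> bytes:
    """Mutate only the payload, then rebuild the length and checksum fields."""
    payload = bytearray(seed[6:-4])
    for _ in range(rng.randint(1, 4)):
        value = rng.choice(INTERESTING) if rng.random() < 0.5 else rng.randrange(256)
        payload[rng.randrange(len(payload))] = value
    return build(bytes(payload))

def campaign(mutate, iterations=5000, rng_seed=1):
    """Run one fuzzing campaign; return outcome counts and deduplicated crash buckets."""
    rng, seed = random.Random(rng_seed), build(b"A" * 16)
    outcomes, buckets = Counter(), Counter()
    for _ in range(iterations):
        try:
            outcomes[parse(mutate(rng, seed))] += 1
        except Exception as exc:  # triage: bucket by signature, as with a stack hash
            outcomes["crash"] += 1
            buckets[f"{type(exc).__name__}: {exc}"] += 1
    return outcomes, buckets

if __name__ == "__main__":
    for name, mutate in (("dumb", dumb_mutate), ("aware", aware_mutate)):
        print(name, *campaign(mutate))
```

The dumb campaign spends nearly all of its iterations being rejected at the magic, length or checksum checks, while the format-aware one reaches the code behind them and collapses its many crashing inputs into a single bucket to analyze.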
yeah, netsec and welding are the same thing. sysadmins and shell scripting are how you netsec. ccna/ccnp are worthwhile and every good hacker has them.
Fuck off Chema Alonso