Netsec Careers?

Bentley Sanchez
Bentley Sanchez

Anyone work as a penetration tester or in cyber security? Is it as exciting as Mr. Robot makes it out to be?

All urls found in this thread:

iad.gov/nietp/reports/current_cae_designated_institutions.cfm

Noah Martinez
Noah Martinez

Netsec is a specialty career. Think of it like underwater welding. First you learn to weld, then you learn to do it with a specific set of tasks under worse conditions. That's Netsec. Now go learn about system administration, scripting, and come back in a few years.

Juan Lewis
Juan Lewis

stick to flipping burgers kiddo

Camden Parker
Camden Parker

Can I get into it without a college degree?

Jaxson Fisher
Jaxson Fisher

Can I get into it without a college degree?

Andrew Thomas
Andrew Thomas

I do.
60k € In Spain. That's a lot.

Leo Thompson
Leo Thompson

in reality it is 49% recon, 1% exploitation, and 50% reporting

there are many different paths to take though which is good, and on top of that many different colors of teams you can be a part of.

i enjoy it though

Tyler Young
Tyler Young

I'm trying to, at this point, teach myself cyber/network security. I'd say I am just now kind of understanding what it is I need to be spending my time working on.

Ive got a homelab setup with several linux distros, windows, metasploit etc... spending most of my time trying to become more fluent in python and its related libraries, as well as trying to become more capable with linux and pentesting related tools(nmap, wireshark).

While I am learning more about the mechanics of networks just by playing around with all these different things I still feel like there is a large gap of basic network infrastructure information that I am missing.

Any advice on books to read or anything else to help supplement my learning?

Anthony Butler
Anthony Butler

you will have a MUCH greater chance of breaking through if you go to school for it. this is only the case if you actually go to a good school one, namely one that is getting money from the government for their program.

there are a couple of schools in the midwest and surrounding areas that are good, omaha, south dakota, oklahoma... if you pick correctly you will have to turn down job offers when graduating

Parker Watson
Parker Watson

is cybersecurity le epic intense hacking
No, it's running a series of applications while you monitor for statistics then documenting everything into a nice big report.

If you're really lucky you get to make powerpoint presentations to brief middle aged women on why they shouldn't open suspicious files sent through email and disable the antivirus.

Chase Gutierrez
Chase Gutierrez

Well I am currently working on a computer science degree at my city's community college. But I only plan to do that for another semester or so before moving to an actual university. Any recommendations on what degrees/schools to be looking at?

It seems practical work experience is super important to get while I'm working on a degree, it seems like ideally I would want to get some sort of internship between school years to boost a resume once I have some marketable skills...

David Peterson
David Peterson

Yes if they give you the opportunity to prove to then you know what you're doing

Samuel Flores
Samuel Flores

like i said, oklahoma, omaha, south dakota...

iad.gov/nietp/reports/current_cae_designated_institutions.cfm

some are better than others. you should have no problem at all getting an internship if you do your research and chose correctly

Easton Walker
Easton Walker

After I got out of school I tried jockeying for an entry-level position to align me toward netsec, network engineer, etc. Long story short, I'm now a "DBA" but I haven't had to seriously query a database in weeks. What can I do to get my career back on track and move away from having to tell Business IT that what they want is retarded, but i'll do it if they pay for it?

Juan Brooks
Juan Brooks

Yes, but you can also get into a CEO position without a degree. It just is not likely to ever happen.Security positions generally require years of generalized knowledge in IT first.

Gavin Martin
Gavin Martin

I make mmorpg haxes (never sold them) and have exploited shitty bugs like the ones on xploooitdb

I'll be honest, there are no real 'H4CK1NG" courses, you learn this by becoming a better programmer and start to understand how programs actually work, otherwise you'll endup either a script kiddie or just someone who tried to be edgy but failed/gave.

Daniel Ramirez
Daniel Ramirez

This

What most people consider intelligent "hacking" is really exploiting and exploits primarily come from amassing such a knowledge in something that you learn how to break it or spend so much time with it that you just get lucky and happen across an exploit.

This explanation makes a lot more sense when people realize hacking isn't balaclavas and mainframes, think of hacking as some guy 'hacking' two pieces of hardware together which requires a knowledge of how those things work and the ability to predict what will happen when joined.

Isaac Long
Isaac Long

Anyone have a list like this for Canada?

Cameron Cox
Cameron Cox

it's a meme. They run scans and then go to the team that specializes in it linux/windows and are like
uhhh you have a hole here you're going to need to fix that.
then the team fixes the issue. Watching infosec team use CLI is painful. Had to explain how mounting in Linux works for about 15 minutes to one guy.

Isaac Howard
Isaac Howard

I do. Standards conformance and penntesting.

Jack Adams
Jack Adams

It's pretty boring, mostly reporting. The fun stuff is vulnerability analysis and exploit development. If you can get into vulns research or exploit development, you've got the real Mr robot job.

Lucas Hernandez
Lucas Hernandez

nyu, cmu, all the top cs schools (ucb, ucla, ucsd, stanford, harvard, mit, caltech, usc, uta, columbia), any nsa recognized center of excellence, whatever you can get into

Nicholas James
Nicholas James

most netsec people start with reverse engineering and software exploitation then get into general it/networking stuff as they become able to exploit/reverse more complicated multi-tiered programs. no one starts by hacking custom encrypted client-server programs in a hardened linux environment.

ps- phrack had rop gadget stuff in the early 2000s. control flow guard and emet with microsoft edge sandboxing is considered state of the art for windows. pax on redhat/ubuntu is state of the art for linux.

Colton Hernandez
Colton Hernandez

Modern bug finding is turning into applied maths with SMT solvers and complex grammar fuzzing based on malloc/ptr targeting. Usually this requires tracing program input, tracing syscalls, finding resource allocation routines, finding resource garbage collection routines, finding security check routines and then writing some custom input mutators which are then run across a customized cloud environment. Then comes the hurry up and wait part followed by crash dump triage and analysis.

You can find bugs with dumb fuzzers, but most of those are found by developers or low level security people looking to make a name for themselves. Old code like popular shared libraries may contain exploitable bugs, but most of the low hanging fruit is gone. Tools like ASAN, MSAN, UBSAN and Valgrind are pretty easy to use. zzuf, honggfuzz and AFL are simple as well.

Eli Watson
Eli Watson

yeah, netsec and welding are the same thing. sysadmins and shell scripting are how you netsec. ccna/ccnp are worthwhile and every good hacker has them.

Connor Williams
Connor Williams

Fuck off Chema Alonso

Disable AdBlock to view this page

Disable AdBlock to view this page

Confirm your age

This website may contain content of an adult nature. If you are under the age of 18, if such content offends you or if it is illegal to view such content in your community, please EXIT.

Enter Exit

About Privacy

We use cookies to personalize content and ads, to provide social media features and to analyze our traffic. We also share information about your use of our site with our advertising and analytics partners.

Accept Exit