Career in CyberSec

Redpill me about a career in cybersecurity. I am a relatively fresh graduate with a cushy dev job but I've always been interested in cybersecurity and I've been doing some tryhackme/hackthebox stuff as a hobby. I'm thinking about pursuing it more seriously and maybe getting some certs, but I'm unsure.

The cybersecurity companies I've encountered at work mostly just run automated tools and send out an unedited report including things that aren't really issues for various reasons but I still have to fix or devise workarounds to hide them "to make the client happy".
I see it as mostly a scam industry. I think the best experts are out there claiming bug bounties not working for some company.

I'd say you're better at where you're at, but if you have extra time it wouldn't hurt for you to learn stuff to put on your resume

Just an example: it'll flag outdated software versions on servers running Red Hat, which backports security fixes, so it really isn't vulnerable to the CVEs it claims.
In reality it's running the latest version available from the vendor so it shouldn't be my problem, but people try to pretend like it is, or it's my job to fix it (I'm a developer not a sysadmin).

bug bounties sound sort of interesting, what's the money like there?

for anyone else curious, apparently it pays absolute dogshit. we're talking like $250 for most bugs.

For big companies they usually have a policy depending on how major the security threat is, some are paying 10k+ for significant findings.

your job is going to be replaced by a computer and already has been for the most part
soundcloud.com/ytcracker/ytcracker-robots-will-definitely-take-your-job

are you a comp sci major

yes

I can pull in 10 of those bugs in less than 5 hours and write the reports in 1 hour.

>I see it as mostly a scam industry.
My experience also.

le epin cool hacker jobs are freelance. a more regular job would be cybersecurity consultant at some company

How do you do it?

It's a good career, but do yourself a favor and lose any idea of hacking you have gotten from movies or video games. It's not super exciting, and you won't be cool, it is a regular job that basically boils down to IT + risk management. Competent newbies will make it easily, but noobs that show up wanting to be a superstar Mr. Robot just crap up the industry and result in phenomena like Security Twitter (i.e. delusional retard zone). Also if you are applying for a blue team (defense) job, don't talk about all the hackthebox machines you pwned, no one at a generic enterprise cares

I'm not a retard, obviously it is not like in the movies. I don't want to be le ebin anonymous haxxor, I am genuinely interested in the field in a professional manner.

Devs make money, security manages risk, the former pays better than the latter.

I dunno, I like cybersecurity and part of me smiles whenever I see my job title, but devs are more valued full stop. There's plenty of opportunity to mix the two disciplines.

>Area
Web Application Security Operations

>Concepts
OWASP Top 10

>Auditable Web Services
ginandjuice.shop/
juice-shop.herokuapp.com/

>Study Resources
Portswigger Public Cyberrange
AWAE WEB 2022 (Leaked)

>Programming Languages
Ruby
Python

>make your own cybersecurity laboratory
vulnhub.com/entry/owasp-broken-web-applications-project-12,46/

>Tools
Burp Suite Community
ZAP Attack Proxy

>Youtube Channel
RanaKhalil101

>t. Security Consultant without a fucking job

Thanks user. Do you have to learn any ISO 27001 or some other standard?

I just graduated in Cybersec, and have a few certs. It's been real hard finding a job. Most companies won't even give me a chance to interview.

Not sure how different it'd be for you. I have an online degree, so that could possibly be why. The retards would probably take a comp sci degree and dev worker more seriously. Most jobs are asking for 5 years of experience and high security clearance levels. Jobs on Indeed seem to get like hundreds of applicants.

Anyway, the field seems super saturated already and feels like a meme. Go on youtube and you'll see random black dudes and even fucking Asian girls who claim to be "seasoned Cybersecurity Analysts" and shit, kek. Low IQ roasties are starting to get into it, too.