this post was submitted on 12 Jul 2023

Hello! My name is Mike and I am an infosec engineer with 10+ years experience. I've worked in GRC, Vulnerability Management, PenTesting & AppSec. I have 17 SANS certs (I have a serious problem) and I'm also an infosec community enthusiast and creator/mod for /c/cybersecurity. AMA!

[–] humanreader 2 points 2 years ago (4 children)

Hi Mike, I recently started working as a programming intern for a company doing webapps. I've worked part-time gigs in a completely different field before; that means I've got no certs, no job experience in IT to speak of, and I'm not the young guy fresh out of school anymore. However, my interest has always been to break into cybersecurity, and I have slowly added some relevant knowledge as a bare minimum... Linux bash scripting, self-hosting, networking, etc. I've been checking out the certs usually recommended plus all the specializations out there and gotta say this is no easy commitment, but I do want to learn.

The thing is, what I'm currently seeing as an intern is very different from what people in this field usually speak of online: for example, I was expecting the latest tools and whistles, but the company I'm at uses very old (10 years) frameworks for maintenance and support for corporate clients, Windows only, proprietary stuff with very little documentation online. It gets... demotivating? It's still a job and I have bills to pay, but I'm wondering how many years of experience I need as a regular web developer (if my contract is renewed, even) to even attempt branching into infosec?

I know this gets asked a lot. Sorry for the long text. TL;DR: just started as an intern programmer, company works with ancient dinosaurs instead of latest stuff, years of experience needed to become hackerman (or jumping from first one to others shown here)?

[–] shellsharks 2 points 2 years ago (1 children)

I don’t think there’s some minimum XP (in terms of YoE) bar to hit. You just need to be able to demonstrate your practical XP in some manner. Some people get this through work in IT/cyber, others through academics and others still through personal projects and doing things at home. There is a TON of self-teaching options these days through online trainings, CTFs, cons, meet-ups, etc… And lots of ways to document and market your experience and know-how (blogs, social media, podcast, etc…). Personally, I suggest learning a bit of coding, some cloud XP, start a small blog or post about what you’re learning on a micro-blogging platform and network network network.

As for your current place of employment, having a VERY legacy environment can actually be somewhat good for security as it may be “easier” in some respects to find misconfigurations and vulns. Does your company have any security resources? If not, try to volunteer to help in that area; if they do, introduce yourself and ask to shadow/help/learn from them.

[–] humanreader 2 points 2 years ago

I see. I will have to document my progress and remind myself the company isn't actually financing this. I should start by creating a blog.

Haven't personally talked to the IT dep yet - I am in a small dev team for internal webapps and the last time we contacted them was because of printer problems, hah. Will try contacting them once I feel ready.

Thank you for the insights. Sorry I took too long to respond.
