this post was submitted on 12 Jul 2023
4 points (100.0% liked)
cybersecurity
3262 readers
12 users here now
An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!
Community Rules
- Be kind
- Limit promotional activities
- Non-cybersecurity posts should be redirected to other communities within infosec.pub.
Enjoy!
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Hi Mike, I recently started working as programming intern for a company doing webapps. I've worked part-time gigs in a completely different field before, that means I got no certs, no job experience in IT to speak of, I'm not the young guy fresh out of school anymore. However, my interests have always been to break into cybersecurity and have slowly added some relevant knowledge as bare minimum... linux bash scripting, selfhosting, networking and etc. I've been checking out the certs usually recommended plus all the specializations out there and gotta say this is no easy commitment, but I do want to learn.
The thing is, what I'm currently seeing as intern is very different from what people in this field usually speak of online: For example, I was expecting the latest tools and whistles, but the company I'm at uses very old (10 years) frameworks for maintenance and support for corporate clients, windows only, proprietary stuff with very little documentation online. It gets... demotivating? It's still a job and I have bills to pay, but I'm wondering how many years of experience do I need as a regular web developer (if my contract is renewed, even) to even attempt branching into infosec?
I know this gets asked a lot. Sorry for the long text. TL;DR: just started as intern programmer, company works with ancient dinosaurs instead of latest stuff, years of experience needed to become hackerman (or jumping from first one to others shown here)?
If anything that’s a great learning environment. Offensive security is a lot of reverse engineering, figuring out how stuff works based off (extremely) limited information and understanding how best to attack it.
Moreover, as these are old systems, they’re more likely to be outdated and vulnerable - not that you should try without permission or a clear understanding of what you are doing, particularly on production gear.
At any rate, no company will pay you to learn a completely different job to the one they hired you for. So you’re going to have to spend some of your own time learning about security. Where to start has been repeated ad nauseam online so I won’t attempt it.
Sorry for the late answer.
I haven't thought of it that way - if I can convince my boss to test my skills on the legacy systems the company is running, it could be beneficial for both... assuming I get permission and enough actual skills to assess vulnerabilities.
Thank you for the perspective. I agree that intro posts are repeated ad nauseam, I will find my own way.