How smart do you have to be to hack it in the cybersecurity field? I'm thinking of persuing a career in said field

How smart do you have to be to hack it in the cybersecurity field? I'm thinking of persuing a career in said field.

From what I've seen, you need to make your bones in the network admin or sysadmin field first, then branch off from there.

Study up on the Network+ and Security+ Comp/TIA exams. Pass them and then go after the OSCP. Throw in an associates in computer science and you'll be a damn good white hat.

No only script kids start in the admin field, if you want to actually be an infosec dude then you need to understand more than man pages and premade programs. You need to understand how programs work, you need to understand assembly and binary analysis on top of the network stack and common exploits.

You need to be literally diagnosed autistic, and possibly having autistically studied this crap since you were 11 instead of having a social life

I had all of those certs coming out of high school and did my degree in computer engineering. if you want to into network security then you need to study pen testing and 'ethical hacking' on your own because the community college that would give you an associate in Comp sci MIGHT have a class relevant to pen testing, but a general Comp sci degree has nothing to do with network security. Your best choice is self teaching or finding someone who's been in it for a while on a forum. It's also a ton of work because software is updated and new technology comes out that changes vulnerabilities, so you need to constantly be reading and stay up to date on tech news

most cybersecurity people ive met are completely retarded and couldnt write a script or configure a switch to save their life. This is in a corporate environments though.

Not really, there are many infosec fields. It would help for pentesting, but it would be useless for reversing an android malware.

Usually you either specialize in a related security field from your current position (sysadmin -> pentesting, software engineer -> app security, mathematician -> cryptography, etc.) or you're like and get in the field you like after college.

>most cybersecurity people ive met are completely retarded and couldnt write a script or configure a switch to save their life. This is in a corporate environments though.

What did they do then? Just use point, click gooey software on Kali?

I was looking at a job that seemed like it entailed basically knowing a few pieces of software and travelling to client sites. Seemed pretty cool, but having to do the same repetitive task over and over could get boring. Though that's every job.

Although I'm not in the cybersecurity field my job requires me know quite a bit about a few very specific pieces of net security and I'm really tempted to pivot into an actual cybersecurity role. But I can't tell if the job shortage high pay meme is actually just a meme.

Sounds good to me.

Anyone know where to look for jobs? Banks, a/v companies, consulting?

the shortage is not a meme, high pay depends on how good you are

>Banks
Nah, you will be required to wear a suit and work 9-5.
>a/v companies
Oh god no.
>consulting
Either reputable consulting companies (that have people that know their shit and won't run a fucking scanner) or big tech companies that have a security team (fb, google, apple, etc.).

I wouldn't want to be a code monkey for a bank, but for half a million dollars I'll gladly wear a suit. In general it seems banks have both the need and money to roll out and experiment with new tech.

Google, FB, startup culture feels like nigger rich to me and I don't think I'd enjoy it. Though anything is nice once you've carved out your niche I suppose.

Do you work in the industry? I've been afraid to apply at the big 3 because I don't think I'd pass the coding interview. I want a role where I get to code, but not too much. Basically what I do now actually, but that's without any prestige.

I also wonder about security clearances, how common is this? Does google require it? I know FB has the CIA shell company inqtel which pours money into them, and if you look at their postings they all require a clearance. You can either get str8 edge people or you can get competent people, I think the shortage exists because places want both.

you won't get paid 500k just because you're working in a bank
the salary will be similar or lower than top tech companies

> I've been afraid to apply at the big 3 because I don't think I'd pass the coding interview
I was in your shoes, but I thought "what the hell, I have nothing to lose if I fail". I still reviewed a bit of more classic CS topics, but fortunately the interviews were very focused on security. They were damn hard, but somehow I passed them.

But for applying at the big 4 you have to really be fucking good, in my case I'm like without the autism.

And security clearance isn't very common unless you work for a consulting firm that deals with the us government. I'm not sure where are you looking but a quick look at fb's offers say nothing about clearance (search for security engineer in their careers page).

Also if you want to look for good companies that aren't the big 4, there's a quarterly hiring thread in [spoiler]r/netsec[/spoiler].

Thanks for the advice user.

How does your day look like? Do Security Engineers do any programming at all, or is it mostly scripting?

bump

>How does your day look like?
Curious as well?

>Do Security Engineers do any programming at all, or is it mostly scripting?
Though a lot of people refer to scripting just because they used a scripting language. If you've got OOP and a complex architecture to complete some task it doesn't really matter what the tool is.

Also going to take a gander, what does it take to join google project zero?

Depends a bit on the team. If you are in a team that is tasked with writing a new fuzzer then you'll be more exposed to programming than if you have to reverse a malware or perform code reviews.
But compared to a regular software engineer, I probably code like ten times less.

Again that depends a bit on the project you're working on. I have mainly worked with python but I have seen other people work with C++ or even Java.

As a final note, I recommend trying to play security ctfs. You can learn a lot and also they expose you to many different things. I don't have any certs and many people like me get in this field thanks to the experience and knowledge gained in ctfs.

Project Zero is a bit different than your usual security role. You need to have very especialized knowledge in operating system internals (mainly windows) and assembly. Try reading their blog since they post detailed writeups, the day you think "I could do that" is the day you should send your cv.

Thanks again user. This advice is seriously appreciated compared to reading the 10,000th article about "muh security".

Now to better myself.

well you have come to the right place kid, i myself happen to be a leet hacker. of the highest degree. im constantly hacking into .gov sites and NSA spy cameras. and thats just in my spare time, i cant even tell you what i do for money. we are anonmouse we do not tell.

Ask me anything bro

you don't have to be smart at all to do anything, you just have to be willing to work hard.

This thread needs a bump

Protips from someone who's just landed their first job within the cyber security field, getting payed around $40,000 more than my peers.

>Get heavily involved in cyber security work outside of studies
>I started a business as I started uni
>Used my cyber security knowledge up to that point to help them secure their websites, and create secure architectures
>Conducted cyber security vulnerability reporting in a smart, light, ethical way
>Was able to put on my resume that I'd conducted vuln reporting with government, defence, law enforcement sites
>Did bug bounties to say I was involved in vuln reporting with industry leaders like PayPal, Facebook, Google, Mozilla and Mt. Gox
>Actually found vulnerabilities though, and built up a good rapport within my country's security intelligence field
>So don't lie or embellish

Literally you have to do more than just get a degree. You have to do more than just prove you're 'smart enough' to run exploits, and programming/coding knowledge isn't a huge thing unless you're going super technical (and hence cornering yourself in career development-wise).

Also, joining/partaking in seminars and groups and conferences isn't a must. Just demonstrably show that you can go out, engage with clients on cyber security matters, and actually do cyber security stuff with companies, businesses and governments.

youre one intrusion away from being a cybersecurity expert.

OP you need to find holes, you need to know how to break things and use that as leverage to your advantage.

in saying that, every serious answer since this post and after is most likely right.

Can you learn it without knowing any coding/programming?

Make a living from the best bug bounty program around today: cryptocurrencies

Got an email i could contact you at interested in asking you aome questions!

Be uber elite at exploits in native code. That team is GOOD.

I like you. Really.

Bug bounties don't pay well and most hackers are part timers because the only money is in crime. Blue team stuff may pay well.

you need at least some basic coding skills because you won't always find the exact tool to do X thing

although bug bounties allow you to find real bugs without ending in jail

Thanks for the reply. But is it true that in the future security engineers can be replaced by AI and the only way to have a longlasting career is to work in AI?

"AI" (most of the time it's actually machine learning) is being hyped as fuck right now and I think this year will be the year of dissilusion for this field... I'm actually considering going to another field (I mostly deal with machine learning in my day job).

So to answer your question, "AI" won't take your job. I'd be much more worried about Trump.

don't fall for the ai will take our jobs meme
ai is just good at very specific tasks

> because the only money is in crime.

He gets it.

What about Bill Gates? He made his money legitimately and totally didn't steal from Apple.

Oh that's why Bill Gates left Microsoft to appoint his butt buddy that tanked Microsoft for a decade?