this post was submitted on 18 Sep 2023
7 points (100.0% liked)

cybersecurity

3262 readers
11 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Enjoy!

founded 1 year ago
MODERATORS
 

Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

top 10 comments
sorted by: hot top controversial new old
[–] [email protected] 1 points 1 year ago (2 children)

Been questioning if I should continue with my side projects and coding my tools since I've had people that known me for 5+ years be like "You've been trying to code malware for the past five years" and it is honestly depressing that with whatever progress I make people either demand more or they just end up asking me things like "What is the purpose?".

I do this mostly for fun and I want to go back to the community college to go through the programs for networking and security certs that they offer, but last time I tried to go back I went to this online event thing where counselors were supposed to help me and the woman I got acted like my questions were stupid and would sigh and other things.

I start this new welding job on Thursday and my mom seems to trying to push me to do it for god knows how long, and things are just feeling like they are going toward a direction I don't want. Sure welding seems cool and all, but I still kind of want to get into Red Team except I don't think I'm good enough and so far my experiences with most folks supposedly in the field seem to just be in the mindset of when they started when the field has changed dramatically.

I've tried going the helpdesk route, but it just made me lose my soul, and I was overworked to the point I would get burnt out. I've tried writing articles and participate in various communities, but in all honesty, everyone made me feel inadequate and invisible. I used to be part of the 0x00sec community, but the people there were horrible to me, and so I started acting out even though I was a teenager. Tried going to Uni, but the boys there were pretty awful, to the point that one of the professors who talked to my mom the other day said they were shitheads.

Sorry for this rant, but in all honesty I don't know anymore if I should even bother anymore trying to get into the industry, and I'm starting to really doubt if all I've been doing is even that good. My love is in hardware and osint. I've been trying to write things I think could help people and sharing what I can, but I feel like it just not good enough.

[–] [email protected] 2 points 1 year ago

I’ve captured a bunch of training sites you can peruse https://shellsharks.com/online-training. If you’re into OSINT, familiarize yourself with some more OSINT tools, I’ve captured some here https://shellsharks.com/infosec-tools.

[–] [email protected] 2 points 1 year ago (1 children)

I share this link a lot but it’s really the best advice I have for getting into the field. https://shellsharks.com/getting-into-information-security. It takes some persistence for sure but the industry needs new blood. You CAN absolutely do it. Start small and build up core skills. Being able to “code malware” is something you can worry about much later down the road. Work on coding smaller projects, learn networking and OS basics, etc… Good luck and come back here as you have more questions!

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

Yeah. I will take a look. Just been questioning a lot for a while now if I really belong since most of the time I just don't think I do since my interests and my focus I feel like aren't "traditional". I've been coding a lot more thanks to some encouragement from people, but a lot of times I don't think whatever I code is fancy or sexy enough since I keep everything simple. Been reading as much as I can articles of real world attacks and the tools/techniques use which has helped a lot to make me feel more adequate since a lot of times you don't need all this fancy techniques and reading how attackers drop whole zip files of like notepad++ with the necessary dlls or whatever helps give a more realistic insight.

I think if I ever end up with my foot in the door and actually end up doing work, I might end up trying to teach and mentor people since nobody, especially girls, should have to put up with all the bs I had to.

[–] [email protected] 2 points 1 year ago

Try. It to feel that way. If anything infosec (and “hacker culture at large) is unique thanks to the fact that we are “non-traditional”. Use this to your advantage and don’t give up!

[–] shadowSprite 1 points 1 year ago (1 children)

I'm a computer science major. I'm technically classed a sophomore because I take a lot of classes at a time, but I wont transfer to a 4 year school til spring 2025. I'm at a community college taking a degree specifically designed to transfer to a 4 year school and I'm only on my first actual computer programming class right now, it's been all pre-reqs and gen-eds up until now so that once I transfer they're all out of the way. When I transfer the plan is to switch to cybersecurity - the school I'm transferring to has a cybersecurity degree designed to pick up where my AS leaves off.

But I know nothing really as of right now! I'd appreciate any advice anyone in the field wants to give a very interested but very ignorant newbie who wants to learn. I come from emergency medical services so I have no experience in tech, but I'm fascinated with it.

[–] [email protected] 2 points 1 year ago (1 children)

the school I’m transferring to has a cybersecurity degree designed to pick up where my AS leaves off.

(Disclaimer, I'm speaking from US and Canada based experience)

Be careful with CyberSecurity programs; it sounds great but there is no standard regarding what a cybersecurity degree even should be. Which means every place offering one can do whatever they want. Some programs are fine, some are lacking, regardless you have to make sure its actually preparing you for whatever part of security you're actually interested in. It also means that on the hiring side, people won't know exactly what its value is without looking into your specific program (which they probably won't do). Which puts it at a lesser value than a more predictable degree. Still often acceptable at least but worth calling out.

If you're new I'd also strongly encourage you to learn about different facets of cyber security; it is an absolutely massive field and different areas have different expectations. A lot of people have a misunderstandings about security jobs look like.

[–] shadowSprite 3 points 1 year ago (1 children)

This is really good advice, thank you. Do you have any recommendations for trustworthy resources to learn more about cybersecurity, ie websites, YouTube channels, whatever? I'm so worried about misinformation.

[–] [email protected] 2 points 1 year ago (1 children)

I'm sorry, I don't. I'm kinda locked into my niche and don't consume much of the wider cybersecurity industry or have a handle on who would be a trusted resource outside of my particular realm in application security and vulnerability research.

For at-least some insight, I can recommend https://www.youtube.com/@cwinfosec its a pretty small channel, but he has some great "Interview with a ..." content. I enjoyed his interview with Alh4zr3d on red teaming experience. Most of the interviews are more offensive security focused, but he has a few different jobs that he's interviewed and can give some exposure to the type of work being done.

Microsoft's Security Response Center has also started a podcast called The BlueHat Podcast I haven't listened to a ton of it yet but they seem to have a decent variety of professionals on talking about stuff which can potentially be a source.

[–] shadowSprite 1 points 1 year ago

Thank you, this is a start!