Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

I'm looking for a job

Options
  • 12-12-2017 4:22pm
    #1
    moneymad
    Registered Users Posts: 882 ✭✭✭


    Since earning my OSCP cert last week I'm on the hunt for a job. Security incident response, penetration tester or security analyst roles.

    If anyone knows of a company which are looking for someone I'd be delighted to go for an interview.

    The CCNA was enough to get me in the door for an internship. So hopefully this cert gets me in the door.


Comments

  • Options
    #2
    Keyzer
    Registered Users Posts: 4,331 ✭✭✭Keyzer


    PM sent


  • Options
    #3
    [Deleted User]
    Posts: 0 [Deleted User]


    With the CCNA and OSCP you've got a solid foundation of networking and how attackers operate. You shouldn't have a problem getting interviews.

    Do you know which direction you want to go?


  • Options
    #4
    moneymad
    Registered Users Posts: 882 ✭✭✭moneymad


    [Deleted User] wrote: »
    With the CCNA and OSCP you've got a solid foundation of networking and how attackers operate. You shouldn't have a problem getting interviews.

    Do you know which direction you want to go?
    Hi Ni@ll, Learning the material to pass the CCNA is a great foundation. I've a good grasp on networking because of it. OSCP, again, good foundation. I know it will get me in the door. But I know it barely scratched the surface. :)

    It's funny I've been into hacking since 1999. On hackers.com forums, in here with various usernames. And only now am I getting serious about it.

    The thought of doing something good always appealed to me.
    It's probably a bit late to get involved in law enforcement though.

    Incident response appeals to me. I would imagine the adrenaline pumping reacting to an incident is exciting and important work.

    Penetration testing is very exciting. I really enjoyed getting into machines in the offsec labs.

    Ideally getting work experience somewhere would be fantastic. I'd work for nothing. Being along side other professionals would be unbelievable.

    Anyone reading this. What do you like about your job? What do you hate? What area would you like to get into?


  • Options
    #5
    spaceHopper
    Registered Users Posts: 3,968 ✭✭✭spaceHopper


    moneymad wrote: »
    Anyone reading this. What do you like about your job? What do you hate? What area would you like to get into?

    What about bug bounties, getting a few under your belt would build your CV


  • Options
    #6
    [Deleted User]
    Posts: 0 [Deleted User]


    moneymad wrote: »
    Deleted User wrote: »
    With the CCNA and OSCP you've got a solid foundation of networking and how attackers operate. You shouldn't have a problem getting interviews.

    Do you know which direction you want to go?
    Hi Ni@ll, Learning the material to pass the CCNA is a great foundation. I've a good grasp on networking because of it. OSCP, again, good foundation. I know it will get me in the door. But I know it barely scratched the surface. :)

    It's funny I've been into hacking since 1999. On hackers.com forums, in here with various usernames. And only now am I getting serious about it.

    The thought of doing something good always appealed to me.
    It's probably a bit late to get involved in law enforcement though.

    Incident response appeals to me. I would imagine the adrenaline pumping reacting to an incident is exciting and important work.

    Penetration testing is very exciting. I really enjoyed getting into machines in the offsec labs.

    Ideally getting work experience somewhere would be fantastic. I'd work for nothing. Being along side other professionals would be unbelievable.

    Anyone reading this. What do you like about your job? What do you hate? What area would you like to get into?

    So I work in Incident Response. Like you said it can be exciting when you're responding to active attackers, but it's also a lot of pressure as the client is breathing down your neck. The other issue is a lot of our clients have built their own IR teams and some of them are pretty decent, so if you come along as the 'expert' and write up a report with the same results as their analysis then they're usually disappointed.

    At the beginning it was great because we'd always find interesting things way before the client would, but it's not quite the same as it used to be. That being said there are still plenty of clients who haven't matured.

    Initially I wanted to get into pen testing, it's a really interesting area and I've spent a lot of time researching/learning about their methodologies. That being said, we find pen testers all the time as the majority stick to things like Metasploit and 'obfuscated' Powershell. If you're going to do that, you're going to have a bad time.

    It can be a little more difficult to jump directly into a pen testing/IR role as they're highly desirable and usually require some security experience. You should check out general security related jobs that will give you exposure to different security tools (IPS/IDS, Firewalls, Proxies, WAF, Email Filtering etc etc). I know this isn't usually what people want to hear but it's invaluable to have that knowledge for both Pen Testing and IR.


  • Advertisement
  • Options
    #7
    moneymad
    Registered Users Posts: 882 ✭✭✭moneymad


    [Deleted User] wrote: »
    So I work in Incident Response. Like you said it can be exciting when you're responding to active attackers, but it's also a lot of pressure as the client is breathing down your neck. The other issue is a lot of our clients have built their own IR teams and some of them are pretty decent, so if you come along as the 'expert' and write up a report with the same results as their analysis then they're usually disappointed.

    At the beginning it was great because we'd always find interesting things way before the client would, but it's not quite the same as it used to be. That being said there are still plenty of clients who haven't matured.

    Initially I wanted to get into pen testing, it's a really interesting area and I've spent a lot of time researching/learning about their methodologies. That being said, we find pen testers all the time as the majority stick to things like Metasploit and 'obfuscated' Powershell. If you're going to do that, you're going to have a bad time.

    It can be a little more difficult to jump directly into a pen testing/IR role as they're highly desirable and usually require some security experience. You should check out general security related jobs that will give you exposure to different security tools (IPS/IDS, Firewalls, Proxies, WAF, Email Filtering etc etc). I know this isn't usually what people want to hear but it's invaluable to have that knowledge for both Pen Testing and IR.

    Very good I enjoyed reading that very much.
    How would the general security roles be advertised? Security administrator?
    I agree with you on jumping straight into a IR role. I've knowledge only from one side. One or two years under my belt in a general security role would be ideal.

    What do you mean you find pentesting all the time?


Advertisement