EH-Net

Ive just finished my first year at uni doing a degree in Ethical Hacking. Summer has come around and im finding it difficult to find an IT related job over the summer period. I could take a job waitering/washing dishes, etc... however want to leave doing that until I have no other option. I have funds to last about another month without working at a push.

Theres only two companies that I have found in my local area that specialise in security, I have rang them and sent my CV however they keep telling me they will contact me back but never get a call.

I was wondering if it would be possible to freelance? Has any one done this? How did you go about it? Should I just contact small businesses in the area and offer my services?

I have done a couple of commercial pen tests at uni the rest of my experience/knowledge is self taught. What do you think my chances are?

Thanks in advance,
Ryan

If there are some "serious" businesses around your area which are specialized in this kind than I would say your chances are very small. Maybe you could ask at some organizations such as churches etc. but propably you would get very little money if this is what you are currently after.

I would try to get a job in the it-field at general, such as sysadmin, network engineer etc. This may also help to improve yourself in the field of pentesting as you will see other aspects you may have not yet discovered.

Also I would try to recontact the two companies you mentioned and ask in a polite way if you can work there or how things are as you would be very interested etc.

I originally rang them on Thursday and they seemed very enthusiastic. They said they would ring me on Friday for a chat however never got a call. I rang this afternoon and the guy I spoke to last week was apparently busy. They said they would ring back today however its not looking hopeful as they close at 5pm and its 3:30pm already.  :-\

I know how this feels but maybe the responsible guy is really very busy. I still would try it. ;)

IMHO, without more formal work experience the freelance thing may not really work out.  There are a lot of issues which may come up, that you would be unable to handle.  The main one that comes to mind is legal issues.  Do you have the proper legal contracts to cover your butt if a situation goes downhill?  What happens if you bring down a production server?  What happens if you get scope-creap, and the project gets completely out of your hands/control.

I like the previous recommendation of working for cheap/free around town to build up some connections/experience.

I would recommend looking up some security related user groups in your area.  For example, ISSA, OWSP, Infragard, or even ISACA.  You can attend any one of these meetings as a guest, without paying for membership.  It is a good way to network and connect.  Also, check with your university to see if they sponsor any security/computer related groups.

Also, it may not be the BEST approach, but you can send your resume to your local headhunters/staffing agencies.

Good luck!

Not pentesting, but....

I know a very successful (now) network admin who got done with a community college program and couldn't get a job.  She volunteered her service to her local church and helped them modernize their network infrastructure (live in the south with BIG baptist churches).  A few months later, a member of the congregation who handles hiring for a local IT firm offered her a job with great pay and benefits.

The other thing I routinely suggest to people is working with an open source project, preferably security related if that's where you want to work.  If you can't code, document or test.  It's good for the CV and you get lots of networking benefits from it.

[edit]
I also forgot to add to unsupported's point about legal issues.  I have the contracts down, but I don't freelance because I haven't worked out my Errors and Omissions insurance.  Do a quick google search if you don't know what I'm talking about.  Should be enough to scare you to your senses.

I have forgotten about the legal aspects too. It is really something which should be worked out carefully together with a good lawyer as I have seen unfortunately two people who had similar thoughts as you and got from a company sued because by accident a service got disabled for some time which was not intended to.
Maybe this is something which won't be crucial by churches or similar but just to be sure I wouldn't risk anything. Once you have a good setup you can use it anyway for any later work or build up on it.

If it is nearby I would suggest putting on a suit and going down there in person to hand off your resume. Don't stop pestering asking them. If see your persistance you may get the spot. If you annoy them they'll tell you no but you are no worse off.

For me it was a combination of networking and training.  I was networking, then my boss offered to pay for GPEN.  I jumped on that....

After I had that for a few moths, a local company asked me to freelance with them as a side job doing pentesting.  This has led to other stuff as well.

So, keep learning and get an IT operations job.  Meanwhile network and the opportunities will sneak up and surprise you.  Just jumping into the field after a year of schooling will probably be difficult to impossible.  Building a resume and professional contacts will get you further in the long run.