March 14, 2013 at 11:01 pm #8301
Hi there 🙂
I’m a soon 29 year old guy with a master in information technology working full time as a. NET developer. I’ve had an interest in security, especially pentesting since high school, but back then I never really considered it as a career path option. Now lately the last year I’ve begun to read more and more security articles, tutorials etc, and I’ve started coding in Python trying to make small client server back doors, my own http server and stuff like that to get an in depth knowledge of networking and protocols etc. I’m also reading Counter Hack Relosded, and this world of security is so much more exciting compared to my daily job.
Hence I dream of a career within pentesting, but do you guys think it is to late for me to change direction from being a ‘commercial’. NET developer without any real knowledge within security to becoming a professional pentester? If not, how would you approach this endeavour, and what path do you think I should take? The reason why I’m so in doubt is because this field is so large and requires such a broad knowledge, and I can code, but I really don’t know where to start.
I don’t have any really useful knowledge within security, so I’m a complete newbie, I only have like 3 years of programming experience, but I consider my self a fast learner.
What do you guys think, am I to late with this, and is my age against me, or how and where could I start with my current knowledge?
Oh and I’m sorry for the length of this post.
March 14, 2013 at 11:42 pm #52283dynamikParticipant
Wow, I was expecting you to say you were 60 or something.
Why don’t you leverage what you know instead of trying to start from scratch? Wep app pen testing is hot right now, and your .NET knowledge clearly puts you in a good position for understanding how ASP.NET applications work behind the scenes (I assume you’re doing thick-client development since you didn’t mention ASP).
And even if you want to start from scratch, 29 is not too late. However, you’re going to have to accept that it’s going to take years of work to become competent, and you may have to take a drop in pay and seniority to migrate into a relatively different field.
If I were you, I’d take use my existing knowledge and skills and take on some security responsibilities, or obtain a position that has such responsibilities, and then keep working towards a full-time security position step-by-step.
Also, welcome to the forums.
March 15, 2013 at 3:24 am #52284cd1zzParticipant
I changed careers from network admin to pentesting at 30. I managed to do so without taking a pay cut. It’s possible, you just have to be strategic about it. Like ajohnson said, the next logical step in my eyes is for you to become a web app ninja. You’ll have to convince a potential employer that you actually know what you’re talking about. You might want to start blogging, or publishing useful code to the community…..whatever it is, just start showing that dream company that you’re a ninja. Where are you located?
March 15, 2013 at 12:08 pm #52285impelseParticipant
I can tell you I am in the transition process, I begin around the 39. I’ve been taking trainings online, reading book, etc.
I am a System/Network admin, so every time I install a new system, or we got a new customer I scan the network or server, sometimes I test my own new servers.
I am keep building the skill before the full transfer. Just the last weekend I found a vulnerability in one of the custom application, I liked a lot.
March 15, 2013 at 4:06 pm #52286
ajohnson, cd1zz and impelse are all right!
I am a Java developer who started transitioning into pentest 5 years ago. I am now 37 and I am almost completely out of web development.
So by all means, do it! It requires lots of work, but like me, you can do it! 😉
March 15, 2013 at 5:29 pm #52287lorddicraniusParticipant
Gosh, I hope not. 28 here and I’m working on making the transition. If I only have one more year… :- 😉
March 15, 2013 at 6:11 pm #52288
Thank you all for your answers. It’s comforting to get some support from people with experience already on the same path. I think I’ll read up on web app pentesting and try to use some of my experience with WCF from the. NET world. Better start somewhere than nowhere I guess 🙂
I’m from Copenhagen / Denmark, and nice forum 🙂
March 15, 2013 at 6:56 pm #52289
Then welcome the the forum bahr!
My #1 advice to you is to stick to this forum and post your questions like you just did. You’ll get tons of hints and answers here… 😉
March 15, 2013 at 7:50 pm #52290dynamikParticipant
Oh, in that case, you may have to move as well. I’m not trying to discourage you, but it doesn’t sound like there’s a lot of opportunities over there. MaXe, despite his impressive skills, actually relocated to Australia for a full-time pen testing gig: https://forum.intern0t.org/blogs/maxe/132-living-down-under-beginning.html
March 15, 2013 at 10:56 pm #5229124772433Participant
It’s definately not too late. 28 is young! I was 30 when I took the transition from soldier in the British Army to IT Systems Admin – I didn’t do IT in the army!
From the sounds of it your’re on the right track. Most definitely concentrate on Web Application testing. Also, get signed up for the PWB/OSCP course too. It’s worth the investment.
Take a look at this security organisation in Denmark:
March 16, 2013 at 3:03 am #52292DataDwarfParticipant
28 is not too old. I am making the transition after 15yrs working as a sysadmin
March 16, 2013 at 5:50 pm #52293
Thank you. Moving out of the country is not an option for me in the near future, but I do live in Copenhagen, so I think that might be the best place to be located, if you are unable to move. Thanks a lot for the link to CSIS, that definitely seems to be a dream place for me to get hired.
I will stay on this kind forum, and hopefully learn a lot of stuff, and maybe with time give something back to this community 😉
March 17, 2013 at 2:48 am #52294
March 18, 2013 at 11:04 am #52295
But I’ve learned so much!
(I couldn’t resist either)
March 19, 2013 at 9:33 am #52296vekarmanParticipant
Man, man, man!!!
Age is mere a number. don’t worry and go ahead. Though I am 50 now, I feel very young with younger member of this group!!
March 19, 2013 at 12:22 pm #52297mrvoreParticipant
I am 42 and just start my career in info sec and I love it. The only advice I can tell you is that do what you love to do. If you love networking then do that or if you love starring at lines of code then do that. But I love security, not sure why but I seem to have a passion for it. When I started I just cuoldn’t stop.
March 19, 2013 at 2:45 pm #52298imij0607Participant
wow – too old??
i fell of my ladder when i was 33?? lol…anyways at the time i had no college whatsoever and relied on bull work to pay my bills. by the way – single dad with full custody and no child support…try that on for size. well i decided just to do it…just go back to school looking forward and never looking back. best choice i’ve made in a long long time. i now speak at conferences, i’m an active member in the community (when i can get out), and working in security…
i agree with the above post – do what you love, and you can never go wrong…
March 22, 2013 at 5:16 am #52299Don DonzalKeymaster
OK… I’ll chime in. Since I was in grade school, I was playing with computers. Anyone remember 808x processors, the Osborne “portable” computer or The Source? At 30 I was a partner in a software company, but I didn’t get my first certification until after that when the tech and telecom bubbles burst. Since then I earned MCSE, Security+, CISSP et al. It wasn’t until I was 34 that I started EH-Net. On a personal note, I started martial arts at 40, I’m now 42 and a brown belt. If I keep going (and I plan to), I could earn black before the end of the year… that would make me 43. I didn’t get married until 32 which makes my 10th anniv this year. BTW – I’m a stay-at-home Dad.
You are the decisions you make, and you can be whatever you set as your goals regardless of age. I have more goals than I can ever accomplish in a lifetime, but that will never paralyze me into achieving none of them.
Take this as you will, and I hope for the best possible future for you and all EH-Netters.
March 27, 2013 at 9:59 am #52300
Wow, I didn’t expect so many answers, thank you all a lot. All those replies have really motivated me! I don’t know why, I just felt like I was to late somehow doing all this, and really didn’t know where to look and how to get started. I’m also amazed by the amount of useful info to be found in these forums!
March 27, 2013 at 3:48 pm #52301rattisParticipant
I have found that those of us with the best security understandings are those of us that started in something other than security and moved in to it later.
With all the universities, colleges, and community colleges training people in IA / computer security one can tell the ones that did more than security classes. (Or maybe I’m just biased because I run a IA Club at a local Uni, and seeing the kids in the program, acting like kids, while the older students get it more).
You must be logged in to reply to this topic.