Career Advice

<<

n37sh@rk

Jr. Member

Posts: 85

Joined: Thu Jan 24, 2013 1:07 pm

Location: Anywhere

Post Tue Aug 05, 2014 9:09 pm

Career Advice

Hello everyone,

I am in need of some advice. I have been in the Security industry for about two years now and I feel that I'm at a figurative fork in the road. I have talked with a lot of people and been to a few trainings for both offensive and defensive. Some people have said I need to make a choice in what direction I want my career to go. So, that being said, I have no idea where to go; there are parts of both offensive and defensive that I like. I also know that you really need to know one to be good at the other.

I know that on the pen-testing side you need only find one mistake by the security team to own them. Now that sounds fun, kind of like the gotcha factor. On the other hand, I like the constant cat-and-mouse game of exploit found, hurry and patch or update. Then there is the part of how, what, who and when that is also interesting to me.

So as you can tell I am not really sure what I want to do. Does anyone have advice on something that helped them decide which "road" to take?
<<

Grendel

Sr. Member

Posts: 258

Joined: Thu Aug 28, 2008 8:48 am

Location: Colorado Springs, CO

Post Tue Aug 12, 2014 10:25 am

Re: Career Advice

Why not both?

I started out on the defensive side, and stayed there for about 15 years. Afterwards, I moved onto the offensive side, which I've been doing for almost 10. The first 15 years of sysadmin work was a huge benefit for my work in the pentesting field.

I'm also sure that you could flip the scenarios and start out offensive, then move to defensive, which should improve your game on the defensive side.

In short, I don't think the road has to be divided, but could be intersecting throughout your career.
- Thomas Wilhelm, MSCS MSM
ISSMP CISSP SCSECA SCNA IEM

Web Site:
  • http://HackingDojo.com
Author:
  • Professional Penetration Testing
  • Ninja Hacking
  • Penetration Tester's Open Source Toolkit
  • Metasploit Toolkit for Penetration Testing
  • Netcat Power Tools
<<

n37sh@rk

Jr. Member

Posts: 85

Joined: Thu Jan 24, 2013 1:07 pm

Location: Anywhere

Post Tue Aug 12, 2014 1:35 pm

Re: Career Advice

Grendel,

You have a very good point. I think that is something that I might have kind of been influenced, per se, by the talk of offense and defense.

Thanks for your insight, it is always good to hear from people that have been around the industry longer than I have.
<<

dynamik

Recruiters

Posts: 1134

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Sun Sep 07, 2014 10:38 pm

Re: Career Advice

There's no reason you need to make a choice after two years, and even if you choose to go strictly offensive or defensive, there's no reason you can't go in a different direction later. Hell, I've done defensive > offensive > Microsoft Excel Specialist (management) > offensive.

Keep learning and growing and you'll be fine. Try to focus more on core concepts than specific technologies that may not exist or totally change within a couple of years. Programming and networking knowledge will be beneficial no matter which route you go. Just don't allow yourself to stagnate, which is truly how you'll kill your career.

If you're that torn, try to find something that allows you to do both. Perhaps a consulting position that has you doing implementation when there isn't pentest work available. Also, incident response requires strong knowledge of both.
The day you stop learning is the day you start becoming obsolete.
<<

n37sh@rk

Jr. Member

Posts: 85

Joined: Thu Jan 24, 2013 1:07 pm

Location: Anywhere

Post Tue Sep 09, 2014 7:23 am

Re: Career Advice

Dynamik, thanks for the advice. I am currently working on my BS in IT Security Emphasis. I am currently in a "consultant" position where I am doing Vulnerability Assessments and Awareness Training. When I am not doing that, it's Help Desk/Sys Admin.

As for programming knowledge, I have very little. I find it hard to learn programming without a specific project or goal. I have Python for Kids and Gray Hat Python that I am trying to get through. I am always trying to research and learn new things.

I also would like to get involved in an open source project, but I'm not sure where to look. Any advice?
<<

dynamik

Recruiters

Posts: 1134

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Thu Sep 11, 2014 5:51 pm

Re: Career Advice

You should get the SecurityTube Python course (or Pentest Academy subscription) and go through that. You make actual tools, and Vivek provides additional ideas for features to add, as well as stand-alone challenges/exercises where you have to create your own tool from scratch.

You can always start by automating tedious day-to-day tasks. It might just be sorting or organizing information, but you'll build your skills while becoming more efficient at your job.

If you have any interest in working on an open source MSSP platform, I know the Custodiet guys were looking for additional people. I'm not sure if it's fully public yet, but I can put you in touch if you're interested in that.
The day you stop learning is the day you start becoming obsolete.
<<

n37sh@rk

Jr. Member

Posts: 85

Joined: Thu Jan 24, 2013 1:07 pm

Location: Anywhere

Post Fri Sep 12, 2014 6:55 am

Re: Career Advice

Thanks a bunch! I actually have a contact that is working on the project; I didn't know they were looking for more help. I will have to talk to them while I am at Derbycon. I will definitely be looking into the Security Tube. I heard the Python course is pretty good. Thanks for all of your advice.
<<

JoevanZYL

Newbie

Posts: 1

Joined: Tue Jul 28, 2015 5:33 am

Post Tue Jul 28, 2015 5:49 am

Re: Career Advice

In essence, people who offense are much quicker to ask you for something than you are to ask them for something. And that risks leaving you in a defensive position forever.
Exuberant...!
