What kind of experience do you need to get an entry level job in that field?
Benjamin Murphy
Minimum is a Bachelor degree
Sebastian Ward
This thread again? How much does your registrar pay you to shill?
Aaron Hill
I know, but education isn't experience. What kind of actual experience do you need?
Colton Scott
I got into infosec in a devops role creating automation, infrastructure etc for a red team
Mason Phillips
That's wrong. You can easily get a job in cybersecurity by reversing shit and publishing your exploits. Hell you can freelance as a bug hunter and so long as you are DECENT in your field your bug bounties should be plenty to live off of.
Jayden Thomas
Also wanted to add: If reversing shit in your spare time and bug hunting is in any way difficult or "boring" to you, please don't get into the cybersecurity field. Yes, I know there are more networking/IT related cybersecurity positions in which certs (especially for government positions) are the prime but those people tend to be at best script kiddies who started on and will always use Kali as their go-to.
Austin Carter
I thought about it but I'm a brainlet
Brayden Johnson
Bug bounties are oversaturated as fuck and finding 0day is harder than ever. Stop roleplaying.
Grayson Sullivan
>finding 0day is harder than ever
lol maybe for you
Logan Martinez
Of course, super l33t h4x0r, it's super easy when there's static and dynamic reviews of code before private and public bug bounties for important things. Where can I see your 0days though?
Joshua Miller
>submitting to bug bounties retard just sell your bugs to real customers native bugs are as popular as ever, you're not a web skid, are you?
Henry Jackson
how often are we going to have these threads now, nigger? instead of properly studying algebra and logic and then applying it through Coq, Isabelle and Frama-C/Krakatoa/etc to real software you shill for retarded cybersec shit, where marked demand is created primarily by tech illiterates and other retards
>Why dont you study Cyber security ?` >Infosec is BIGBRAIN only Because it's idiotic in concept >School for becoming clever It's a designated meme degree for brainlets who can't learn on their own something that grew is a designated passion project sector. It's worse than degrees for game-devs. I'm not even going to waste time typing out explanations.
Jose Ross
>native bugs The fuck are you talking about? This roleplay is getting very dumb.
Christopher Phillips
hell yeah keep proving you're a retard who doesn't know the first thing about real cyber security i bet you've never opened ida in your life champ
no good alternatives r2 is garbage binja might be good in a decade ghidra is ok but still not great
just pirate ida like every other person on the planet
Alexander James
>just pirate ida like every other person on the planet >just pirate ida >just pirate software your work revolves around the absolute state of """cybersec""" lmao
Jeremiah Hall
If you pirate software in 2019 you are a fucking idiot. there is plenty of free and open source software out nowadays, if it's not good enough just buy the fucking software instead of installing ransomware-ridden cracks.
Caleb Carter
>ida >cracks man you kids literally have 0 idea how this field operates
sorry youre open sores shit is garbage
if you're not doing shit professionally there's 0 reason to buy it obviously i have a real license through my job
Luke Jackson
Bro I know a thing or two about security, I'm a Certified Ethical Hacker
Josiah Morris
ok cool that proves that you're incompetent nice
Kevin Morgan
keep talking like that and ill backtrace u, i know how to install kali
Hunter Nguyen
just stop embarrassing yourself and kys already lmao
Jaxson Myers
sure u dont need to check ur training book to figure out how to install kali again?
imagine having certs in 2019 and bragging about it
Dominic Sanchez
I'm a security consultant (pen tester), does that count
it's a challenging job as youre exposed to all kinds of systems and youre supposed to be the expert
Wyatt Phillips
lmao I bet you don't have any certs. skiddie
Angel Perry
lmao i bet you've never found any 0day. skiddie
Evan Stewart
and how many have you found mr. hackerman?
Michael Jones
Are you ever going to get bored of your roleplay? Are you telling me you doo binary exploitation on the era of webshit and SaaS and somehow you make money? You still haven't posted one single CVE made by you.
Austin Harris
that's classified
Brayden Long
>he has no idea how large the vulnerability research field is >Implying i submit CVEs and don't sell bugs holy shit you're stupid you think OSes and firmware are SaaS?
Caleb Brooks
Just keep LARPing bro, if you're lucky someday you might be approached by some random black guy offering you weird pills
>you think OSes and firmware are SaaS? Of course, and those bugs never get a CVE even if you're working on OS and firmware. You're are really some new level of roleplayer. Still it goes back to the starting point, operative systems have such a large area of attack that you need whole teams and lots of time to find something.
Brayden Sanchez
you're literally so stupid it's not even worth explaining to you how the vulnerability research field works here's an example for your tiny brain where do you think eternalblue came from? how much do you think it was worth?
Nolan Rodriguez
>where do you think eternalblue came from? Lmao, developed by NSA and "sold" by some tards that didn't get any money because most of the bugs from the package were already patched and nobody cared about the auction, so they had to give them for free. And surprise it has a CVE unlike your super bugs.
Jeremiah Ortiz
the NSA it was worth whatever the NSA pays the employees who worked on it
Parker Cooper
>thinking NSA develops all bugs in house christ you kids are actually retarded
Juan Cox
>Why dont you study Cyber security ?` b-but, user, I did Bachelor of Science in Information Assurance and Security Management
Carter Wright
yeah okay, superhacker go back to ricing your desktop while blasting shitty 90s techno
Levi Reyes
Wow, so you're telling me that you sell your bugs to the NSA?
Samuel Moore
read the shadowbrokers confluence shit champ
Camden Baker
I have an IT security degree and it's gotten me everywhere EXCEPT security. I've done helldesk, desktop support, network engineer, software analyst, sysadmin, but not network security. I almost got a lateral move to network security analyst but then the CIO's son got the job.
Evan Russell
Tell me about this; I have an interview coming up for a job that involves penetration testing and I want to sound knowledgable and experienced. I'll give you $10 on paypal for advice.
Charles Howard
>I almost got a lateral move to network security analyst but then the CIO's son got the job should have been a music major
can't believe nobody got punished for fucking over pretty much every adult in america
Colton Anderson
Open telnet and connect to their email server. They will be impressed.
Samuel Robinson
Just give him a firm handshake, look him in the eye, and say "I'm the man for the job, sir"
Blake Rogers
The what? Does not prove that the roleplayer knows shit, and does not prove that eternalblue wasn't created inhouse since equation group != zerodium and obviously not related to TAO.
Adrian Campbell
>The what?
He's talking about the vault 7 leaks from a couple years ago, and calling it something else to sound like some kind of edgy deepweb shit for hardcore hackers such as himself
because I'm not smart...? when you give me the option to either pursue your meme CS degree or gender studies/starbucks what do you think I'm going to take?
Chase Robinson
shadowbrokers was the group that released it retard confluence is the wiki that they posted, that had all the info, including their vendor's codenames i guess this is just too much for retards like you to understand
it literally doesn't matter if eternalblue was sold to them or not, it proves that they're buying 0day, which is what you retards have been trying to argue against
William Nguyen
>which is what you retards have been trying to argue against No I'm not, I'm just making fun of a roleplayer that can't prove that he is selling his big boy bugs. He said that eternalblue was bought by the NSA and he was proven wrong, hence he is posting nothing but fantasy.
Evan Cruz
can you prove it wasn't? obviously they're not going to come out and say it, and obviously i'm not going to post a bug i've sold, otherwise i'd never be able to sell another one you're a fucking retard if you don't think this market exists
Blake Lewis
Of course nobody is going to buy a bug from someone that makes such wonderful bugs.
Austin Cruz
>i'm not going to post a bug i've sold, otherwise i'd never be able to sell another one >m-my girlfriend goes to another school! in canada!
Kayden Miller
it's not worth arguing with retards who couldn't identify a memcpy if their life depended on it, good luck in your IT jobs making 60k a year
John Ward
good luck getting a job when you graduate high school in a couple months.
Landon Reed
Lmao
Jayden Brown
>the best in computer science >only the smartest can complete cyber security >infosec is BIGBRAIN only op is a brainlet-manlet with a huge ego
ida is for skids use gdb with no plugins or youa’re a skidd.
Wyatt Moore
I overheard the principal consultants in my office impressed with a recent candidate who went into detail about the different types of XSS there is, and explaining DOM-based XSS, etc. apparently he also knew his shit when it came to TLS-based issues
You know retards straight out of HS can do info sec in the military right?
Nicholas Myers
There are some incredibly smart people in the field but the actual programs for it at colleges attract some of the biggest brainlets
Austin Bennett
IDA pro is still used to reverse shit because you will be absolutely lost if you try gdb on something made with Codesurfer by Grammatech. Thing is that junk is only ever infecting proprietary software, so I have no interest in it, or any security 'research' really.
Everybody already knows exactly how to make things 'secure'. Nobody wants to pay for it, so instead we have this massive industry of rubber stamping audits for just doing basic things but the whole underlying foundation is insecure anyway.
Tl;Dr look up Ego Homakov, read his thoughts on the absolute shit state of modern security research.
Thomas Jones
Literally 90% in that industry are fucking moron boomers who just execute a standard pentest and charge companies 50 billion shekels for finding vulnerabilities any decent College kid could point out for a beer and 20$ an hour
Jason Jones
What you don't understand is nobody cares if you actually find any vulns. What they care is that you run a huge company claiming to do audits, and then can just advertise the fact that a one week audit totally greenlighted your banking software so users can enjoy the security theatre like advertising. Companies also do this for insurance/litigation reasons, you have a rubber stamp from Optiv or NCC Group and can avoid lawsuits when there's a massive data breach
this is why selling 0day is the only true security field
Caleb Cox
Pretty much, though a lot of this is automated these days just extracting control flow graphs and running SAT solvers on them. You can definitely make some pretty secure shit by simply breaking out OCaml but the problem is 99.9% of all our protocols and internet standards are fundamentally insecure, like HTTPS/2 ect.
Andrew Bennett
Another big thing these days I forgot to add is creating a target emulator because Von Neumann architecture is so flawed. Anybody who can write VMs and emulators you could easily get a security job at NCC Group or whatever others these days like some kind of handheld device running a proprietary stack such as an iPhone
Brayden Diaz
That you can find and exploit a vuln and then document how you did it, what you can do with your access, and how to mitigate or fix it.
Jaxon Hernandez
I can guarantee the retards who get into the infosec jobs are smarter than you
Isaac Sullivan
Is new mr robot season out yet?
Nathaniel Lewis
>finding 0day is harder than ever You're right, but still not impossible. Thousands, if not hundreds of thousands are found every week. Someone right now is downloading a database full of credit card numbers.
Asher Gray
t. university of belfast janitor
Anthony Taylor
So, how do you justify your dept and no prospects of a stable job?