by alltakendamned 3410 days ago
Security consultant checking.

Candidates with some form of experience are often preferred. But the beauty of infosec is that that experience can be pretty much anything; it does not have to be relevant work or school experience.

Have some bug bounties, CVEs or exploits to your name, you'll get an interview. Have a certificate like OSCP to your name, you'll get an interview. Do writeups of Vulnhub machines and that might even be good enough.

But what seems to be the common theme among security people in nice jobs is that the effort came from them. They were self-driven; this is what they do, regardless of whether they're paid for it. And the reason is simple: this is a fast-moving job, which often requires additional study and effort on a daily basis. So show that you have this quality and take a very active approach to the start of your security career. It should work; everyone is hiring.

2 comments

> Have some bug bounties, CVEs or exploits to your name, you'll get an interview.

That assumes you hear of positions, and apply. I do auditing for fun in my spare time, and have reported issues in software as diverse as Emacs, evilvte, GNU Readline, gforge, oping, and NCSA Mosaic 2.1 (!).

Brief list - https://steve.fi/Security/Advisories/

In all that time I've never once received an unsolicited offer/mail about "security". I do receive unsolicited contact from recruiters every other month or so, on the topic of Perl/Ruby/C++/etc.

(Interestingly, I stopped getting recruiter mails from people asking about C++ when I moved a couple of personal GitHub repositories into an organization of which I'm the main active member. I suspect that means recruiters are crawling GitHub now.)

> Have a certificate like OSCP to your name, you'll get an interview.

That's the way I personally moved to security and can't recommend it enough. It's a bit expensive but you definitely get your money's worth.

In terms of security certificates, it is actually on the cheaper end. SANS/GIAC have a lot of certificates but run much more expensive, like $5k+.

Well, it's a bit of an out-of-pocket expense for sure, but it is in my opinion the security course where you get most bang for your buck.