shellsharks
Infosec researcher | writes @ https://shellsharks.com
Mastodon: @shellsharks@infosec.exchange
- 131 Posts
- 97 Comments
I’ve tried a bit. But not really day-to-day just yet
2·2 months agoOverall, yes. Day to day y’know it varies. Pure “security work” is, for me, genuinely interesting and I spend legit personal time learning and working on projects, for no other reason than they are kinda fun. What I do as a security engineer for a corporation day-to-day and week-to-week doesn’t always translate to the “fun stuff”. So my answer is somewhat nuanced. Yes, I do like cybersecurity. But no, I don’t always like the work in terms of how it manifests in corporate life.
🦀
Got a bunch of house projects coming up myself… What kinda renos you up to?
Yeah $400 is too rich for me at this point in my life. But maybe one day 🤷♂️
I just use an Osprey Comet daypack (https://www.amazon.com/gp/product/B072N2WY6S/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1), though if I had just random money to burn I might go for the “Technonaut” https://www.tombihn.com/products/techonaut-30?variant=40265614753981
I wouldn’t worry about certs to start, especially not OSCP. Since you are in the software/dev space, I would consider security roles in the AppSec or CloudSec space as places to jump first. For that, consider going through PortSwigger’s web security academy (free) training online to learn more about web vulns, their impact, how to mitigate, etc… If you want a cert, consider one from a cloud vendor and apply to jobs that use that vendor. If you can do even basic scripting, understand app-related vulns and use a few appsec tools then you should be an easy hire for a lot of places. (That said, I’ve been hearing the market for infosec is atrocious right now).
I wrote a bit about the pitfall(s) of “Certification Paths” - https://shellsharks.com/notes/2023/11/14/stop-worrying-about-certification-paths.
This is coming from someone who has A LOT of certs, and I’ve learned over this time that it’s just not the right way to think about progressing career-wise. You can read more though about certs and some thoughts on what you could take here too https://shellsharks.com/training-retrospective#what-certification-or-training-should-i-take.
Never heard of 'em. I’d say most of those things, while not necessarily “scams”, are probably not worth the time you would put into them. That said, if you have free time and they pay, then it is what it is. If you go down that path, make sure to report back!
Greed. Capitalism. AI speculation. Other stuff …
Big consulting firms (e.g. Accenture) and the like. Government jobs too if you’re close to where those are. Outside that, it’s very random which companies have such openings. The bigger the company the more likely it would have a higher diversity of roles and seniority openings.
Omg. I too have developed an “affinity” for coffee as of late. Have been thinking of cutting back. There’s always tomorrow right?
I’m a KubeNoob so gotta give you props regardless 😅
Y’all doin’ cool stuff. Rust, K8s, GH automation - 💪 @CodeGameEat@lemmy.world @MigratingtoLemmy@lemmy.world @thadah@lemmy.world
I always recommend Wild West Hack’n Fest. Cool location and the con is pretty good.
Pretty much everyone recommends this https://www.professormesser.com
There’s no one path in to be sure. But there’s lots of ways to educate yourself and build a “hireable” portfolio from home and without getting a typical 4-year degree. Learn to code, get some applicable certifications, start a website (as your digital portfolio), contribute to open source or spin up your own project(s), etc… The IT/software/cyber market is not at its peak (in terms of opportunity), but we’re definitely still here and there are openings. It’s still a great field with a lot of perks if you can weather the challenges of “breaking in”. It’s also not going anywhere, despite what some may lead you to believe given the advent of “AI”. For those of us in tech, we’ll be the first to tell you that our jobs are pretty safe.
If it’s infosec you might be interested in, you may find this guide I put together and typically share interesting - https://shellsharks.com/getting-into-information-security.
Good luck!