cybersecurity

3238 readers

1 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 1 year ago

MODERATORS

[email protected]

Infosec Engineer AMA (infosec.pub)

submitted 1 year ago by [email protected] to c/[email protected]

44 comments fedilink hide all child comments

Hello! My name is Mike and I am an infosec engineer with 10+ years experience. I've worked in GRC, Vulnerability Management, PenTesting & AppSec. I have 17 SANS certs (I have a serious problem) and I'm also an infosec community enthusiast and creator/mod for /c/cybersecurity. AMA!

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 2 points 1 year ago (1 children)

If anything that’s a great learning environment. Offensive security is a lot of reverse engineering, figuring out how stuff works based off (extremely) limited information and understanding how best to attack it.

Moreover, as these are old systems, they’re more likely to be outdated and vulnerable - not that you should try without permission or a clear understanding of what you are doing, particularly on production gear.

At any rate, no company will pay you to learn a completely different job to the one they hired you for. So you’re going to have to spend some of your own time learning about security. Where to start has been repeated ad nauseam online so I won’t attempt it.

[–] [email protected] 1 points 1 year ago

Sorry for the late answer.

I haven't thought of it that way - if I can convince my boss to test my skills on the legacy systems the company is running, it could be beneficial for both... assuming I get permission and enough actual skills to assess vulnerabilities.

Thank you for the perspective. I agree that intro posts are repeated ad nauseam, I will find my own way.