this post was submitted on 10 Jul 2023
14 points (100.0% liked)

cybersecurity

3242 readers
20 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Enjoy!

founded 1 year ago
MODERATORS
 

Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 0 points 1 year ago (2 children)

General question but how do y'all actually find a mentor? I feel like there's probably a local group nearby me or something that I could look into but are there places/people that are more likely to say "yes, I will mentor you" in y'all's experience?

[–] [email protected] 2 points 1 year ago (1 children)

Tanya Janca (https://infosec.exchange/@SheHacksPurple) has a thread for mentoring on her Mastodon weekly (https://infosec.exchange/@SheHacksPurple/110690887324427507). There's a ton of communities (https://shellsharks.com/getting-into-information-security#online-communities) to ask around too. What type of mentorship are you looking for?

[–] [email protected] 1 points 1 year ago (1 children)

@[email protected] Sorry, was offline for a few days! Not really sure what I'm looking for, honestly? Mostly someone to kind of push me for doing more/exploring more? I'd like to focus in on AI security as well as container security and I know I can start that work on my own -- I just know it's easier/more likely for me to do things if I have someone filling in the blanks on things I don't know that I don't know. I'll start with those there (been following She Hacks Purple and InfoSec Sherpa for a bit) and see if any long hanging fruit shakes lose from the tree, thanks again!

[–] [email protected] 3 points 1 year ago

I’ve seen some good AI-related security things out of OWASP lately and some container security stuff from DataDog if you want to do a little googling.

[–] [email protected] 0 points 1 year ago (1 children)

For free? Youre probably best finding help on forums like this. Hacker news is decent also

If you're willing to pay, well then obviously there's a market for it

[–] [email protected] 0 points 1 year ago (1 children)

That makes sense, thanks! Have you ever hired a mentor before? I imagine it'd be a lot like hiring a coach but how would you know that they're not just being kind of a "yes man" or at the very least kind of reputable?

[–] [email protected] 0 points 1 year ago (1 children)

Yeah, check out David Bombal on YouTube. He interviews hackers. I recommend looking at those and the channels of people he interviews

I pay @three_cubed AKA master OTW [occupy the web]. It's good information, but what's your academic background like? I came in with an advanced degree and felt the tier that was right for me was the most expensive (subscriber pro)

My day job isn't infosec related, but when I do find time to better those skills I've found this loop pretty fun:

Vulnerability scan websites (like with owasp zap) Find a most severe vulnerabilities I haven't done before (XSS for example)

Play capture the flag targeting that vulnerability.

Similar process works with nmap or shodan to get information about what services are running on an IPs port. Then using metasploit to try and run scans/fuzz inputs, deliver payload, run exploit, and perform post exploitation activities (typically data infiltration/exfoliation)

Eventually I'm gonna try and get into reverse engineering malware

[–] [email protected] 1 points 1 year ago

write_that_down.jpeg

This is amazing info, thank you! So I have a BS in comp sci and applied math but all my experience is from ~10 years in different roles in IT from helpdesk to now cloud engineering/devops. I've had been doing some CTF's and Juice Shop for a bit but fell off because things got busy (as they always do). Lately I've been looking at reversing DRM for old shareware games just to get more familiar with the concepts but it's been mostly looking rather than doing so far lol. What I really want to get better at are namely two things:

  • Container security and exploiting it
  • Getting better at understanding how things work at lower levels to be better at reverse engineering

Really appreciate the insight and hope that everything goes well with your plans!