We all got our start in security at some point, how did you get started? What originally piqued your interest or got you started on the path toward information security?
Bonus Question - Do you have any advice for others that are getting started? What’s the best path to take in the early days?
1 Like
I got started in security out of curiosity, and necessity. I’ve been a developer for quite a number of years now, and as such have seen my skill set grow. In the past few years, I’ve been focusing on administrative duties, including server maintenance / monitoring, incident response, all the way to analysis of code bases for clients. This widened perspective has given me the opportunity to not only observe attacks, but also learn about how they are performed, and the possible methods of mitigation.
Over the past year, I decided to take a more active role of perusing knowledge and skills relating to the field of security, with a focus primarily on Web Applications and Server Hardening. This has led me to become rather active in releasing WordPress vulnerability reports for plugins (ok - not the most challenging field, but we all start somewhere), as well as taking part in CTFs, and writing the occasional blog post.
I still see my self as a hobbyist, but I feel like I’ve learnt a hell of a lot over the past few years, and look forward to continuing to grow my knowledge base.
Advice for others
- Don’t be intimidated
- Read as much as you can from valuable resources, such as OWASP
- Take part in CTFs and intentionally vulnerable VM images (check out VulnHub), and read write-ups if you get really stuck
- Build up a list of people to follow on Twitter - there are so many great people on there that post useful information. They’re an invaluable resource
- Test platforms known to you, either through black-box or white-box testing
- Perform code reviews and static analysis
- Take courses on sites like Coursera and Cybrary. Read!
- Don’t give up, but don’t be afraid to ask. A lot of people are happy to help, or give advice
2 Likes
JaysonStreet just started a video blog and he answered this same question. Watch Jayson and ioCassie talk about how they got into InfoSec:
I got a Tandy TRS 80 when I was 11 or so and never played a game in my life, i started reversing pretty much and coding in basic and pascal. ive been doing networking and pentesting for 20 yr , suggestions would be. dont give up obviously
The only people successful at this game would be the people who have passion for it.
- know Linux in and out
- learn a new util/script everyday
- learn something about networking and routing daily
- setup a lab with proxmox at home you can do it all on one machine and its free. cant beat that
peace