Reddit reviews InfoSec Career Hacking: Sell Your Skillz, Not Your Soul
We found 2 Reddit comments about InfoSec Career Hacking: Sell Your Skillz, Not Your Soul. Here are the top ones, ranked by their Reddit score.
Used Book in Good Condition
Let me preface this by saying I know nothing about netsec but can offer a general framework.
To make a career out of netsec you need to know the answers to three questions:
As a starting point you might like to check out
http://www.amazon.com/InfoSec-Career-Hacking-Sell-Skillz/dp/1597490113
That book covers nominally what you are after but it's a touch old (2005) so things might have changed since it was published. Apparently it discusses the various job types within the industry which should give you a sense of what is possible.
With this information you next want to find a list of employers you'd like to work for. Your goal is to try to build relationships with those companies: do they offer internships? What knowledge/experience are they looking for from new employees? Could you meet with someone to talk about the industry? Etc.
You might be able to do this by blindly emailing or phoning the companies. However, it will probably be more effective if you can meet someone face to face. The obvious way to do this is to go to university careers fairs, conferences, local clubs etc. If you're at university you might be able to ask your teachers if there is anyone they know of who they could introduce you to.
At the very start of this networking phase you could be quite broad in who you talk to. If you know 20 people and they each know 20 people then you have access to 400 friends-of-friends. Sometimes someone knows of someone who could be helpful for you. Once this lead generation has kicked into gear though you can focus down on the people most relevant to you.
At this stage you hopefully be able to answer the question 'What do I need to know?' with 'If I can do x,y,z then ABC Inc will give me work.'
You will now want to start learning those skills. Your contacts might be able to give you some suggested reference sources but you're probably best off learning by doing a series of small projects. The reason is that they will give you a sense of 'what it is really like' beyond the textbook theory, but also because they will prove that you can actually do something. It's one thing to say "I know some basic reverse engineering." and another to say "I know some basic reverse engineering, here is a 'Hello World!' program I wrote in C and here is a crack I wrote which makes it output 'Goodbye World!' instead."
If you're really pushing this you could start a blog detailing your projects. From your perspective it's a way to track your progress. From a more pragmatic perspective it is an advertisment for yourself and a way to keep bubbling at the back of your prospective employers mind as they can see what you are working on.
As you continue along this path eventually you'll get the necessary skill set to start applying for positions. When you do apply you'll hopefully have two aces up your sleeve: projects which prove you are capable of undertaking the required work, and ideally some sort of reference from an established figure within the industry (or even better, company.)
I am vaguely aware of a netsec one-person consultancy company vibe. I don't know how common that is or how you would set up as an independent contractor but that is another path to look into.
----
This approach is loosely based on this which might be interesting to you for a much more detailed application in an academic setting.
Here is a great book that can answer a lot of your questions and give you some insight on what you can expect with various certification and paths.
http://www.amazon.com/gp/product/1597490113/ref=oh_details_o01_s00_i01?ie=UTF8&psc=1