How does one develop a career in security?

Please don't say "By hacking X of course!"

There's courses for that at universities.

Otherwises: what you said.

It's one of those areas you have to either "hack" your way into or go out of your way to become a white hat.

Me being from Vegas, I thought you meant security guard for like a casino or something lol 😂

Hey, a question i actually can answer!

So if you really want a big job in security, learn a lot of network skills (how a packet goes from router to router, how ssl handshake happens, how encryption works, etc...), but you should also learn the tools of the trade: Snort/Suricata and network taps, BRO, TAXII/STIX, and definitely linux.

Obviously know python, but try and investigate recent breaches (Target, Ashley Madison, Equifax, etc...). Those will help you build out a foundation for how previous attacks have occurred and will give you an idea for what is possible in the future.

Another hot-button issue these days is data analytics for security; how to programmatically search network logs for malicious activity or cleartext passwords, how to search system logs for token hijacking, how to identify devices that shouldnt be on a corporate network, etc...

Im running out of characters, but that should be good enough to get you started. Also get familiar with wireshark or a similar tool

Feel free to @ me for questions

@arcsector you forgot an important question, what kind of security. Im no expert at all but I think you are mainly targeting network security, but there is also application security.

AKA do you want to protect a network (with file servers) against attacks or implement measures against SQL injection kind of things.

@Codex404 normally cyber falls under the purview of all of it (since investigations and the SOC usually know a lot about the network in order to figure out what is going on), but you have a fair point. I think, however, it is easier to start with network and then move on to apps since the emerging technologies (cloud, containers, serverless, etc...) are changing the paradigm. You could start with container security but then theres a whole lotta prerequisites to know about.

@redman you forgot the hoodie

@arcsector thanks for taking the time to answer this! I actually got a feel about I'd like to do security by reverse engineering private APIs in web and native apps, figuring out how to bypass bot detection services, etc. Mainly just about automating stuff that people who created it wanted it not to be automated. So I have decent idea about network, at least the http! Not on packet level perhaps.

However, I realised maybe that this is not really a security thing that I'm doing, and maybe everyone can do this, lol!

I also figured there's not much that you can do in security yourself. If I am interested in being an entrepreneur, what kind of security company can I create? What will my company be solving? If I make a living a s a freelancer, how do I get stable work? This seems like a narrow field.. any insights on this front? I'm currently freelancing while in 3rd year of my engineering, but I'm not the one into academics.. took much of a practical approach(fear this sem am gna fail)

@mehcoder emerging technologies; cloud and container security. On-prem security is already done really, really well by companies who have been around since before cybersecurity was a field of interest.

I would also say that outsourcing cybersecurity is a great way to do it; have a set of tools that you can go into an emerging business and say "i can have your full Security stack covered plus investigation for $X per month" and thats probably where smaller companies are going; Security as a Service.