Starting your Infosec Career

Transcript

1. Benjamin Scott [email protected] Start your infosec career

2. Why computer security? Benefits - High demand / pay -

   Fun and interesting - Relevant to startups and software engineering - Can grow into management / consulting Downsides: - Risk of over-specialization - Hype cycle - Ethical issues

3. What should I do now? - Group projects - Self

   study and hands-on practice - Leadership in security club, ACM - Broaden your understanding of business, design, psychology - Ask for a mentor at local meetups and security groups

4. Build your Brand - Come up with a unique schtick

   - Portfolio site - Buy a domain like foxlight.co - Make a Github Pages site - Host on Netlify - Post on Forums - /r/netsec - Security.stackoverflow - hackernews

5. How do I choose an internship? Follow your passion -

   Impactful projects (“how does this help the world”) - Flexible hours and remote work - Role models (“where do I want to be in 3 years”) Take a chance to travel - Asia, Europe, NYC, Bay Area, Seattle, Boston - Find a culture and location that you love

6. What kind of job can I get? Software developer -

   Build stuff Vulnerability researcher - Break stuff Incident responder - Keep bad guys from breaking into stuff Intel analyst - Talk about how bad guys break stuff

7. How do I find a job? Make it easy to

   hire you - Spend 15 minutes to learn about the company and open roles - Write a 4-sentence intro explaining why you’re the best candidate - Have a professional portfolio site / email / github Reach out to friends and colleagues - Short-circuit the “online application” process - Build a professional presence on Twitter and Github - Ask people to review your app - “would you hire me”?

8. What do interviewers look for? Technical Skills - Operating system

   and networking fundamentals - Python, Java, Javascript development - Ability to deploy and scale a web-app Non-technical Skills - Speaking and presentation skills - Working with a remote / diverse team - Knowing how to pitch ideas - Iterating on design without making it personal

9. I got an offer! Now what? Negotiate a Salary 1.

   Pick a number range based on your location and experience 2. Don’t give them a hard number until you get an offer 3. Ask for 10% more than your goal and compromise Choosing an Offer - Have a friend / mentor check it out - Your bonus and relocation is taxable - Ignore exploding offers

10. Your Next Steps Check out the /r/netsec Hiring Thread reddit.com/r/netsec

    Build your skills on a Capture the Flag team trailofbits.github.io/ctf Meet people and present at a local conference securitybsides.com Ask me Anything! [email protected]