Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

  • shellsharks@infosec.pubOPM
    link
    fedilink
    English
    arrow-up
    3
    ·
    11 months ago

    Hard to give you a definitive answer on this one. I’d say you’d be hard-pressed right now to pull that off without a direct referral or other networked way-in. Job market is condensing, lots of (experienced) out-of-work folks looking for new roles, etc… If you aren’t already in infosec, or you’re not a full-time dev with some security knowledge, it will be tough. Your best bet (roughly) on things to add to your skills/portfolio would be…

    • Proficiency with one or more languages that your target role company uses (and evidence of this XP)
    • In-depth knowledge of OWASP “stuff” (Top 10, ASVS, etc…)
    • Practical XP with attacks/exploits (via experience, CTFs, trainings, Web Security Academy, etc…)
    • Some applicable certs

    Some other stuff you might find useful…

    • mrh
      link
      fedilink
      English
      arrow-up
      2
      ·
      11 months ago

      Thanks!

      Do you happen to know what certs would be most “applicable” in this case? Something like OSWE?

      • shellsharks@infosec.pubOPM
        link
        fedilink
        English
        arrow-up
        3
        ·
        11 months ago

        Pure appsec certs off the top of my head… OSWE, GIAC GWAPT (and others from SANS), Portswiggers Burp Suite cert, OffSec also has a 200-level appsec cert. I’m sure there are other popular ones too.