Commit
Signed-off-by: Still Hsu <[email protected]>
Showing 1 changed file with 36 additions and 0 deletions.
@@ -0,0 +1,36 @@ | ||
--- | ||
title: Advice | ||
permalink: /advice | ||
layout: single | ||
toc: true | ||
--- | ||
|
||
# Advice | ||
|
||
Over the last few years, I've been asked a few times regarding advice of "getting into cybersecurity" or "what should I look out for when applying a job?" Rather than typing out a whole essay every time someone asks me this, I think it would be better if I leave some of the most commonly asked questions here. | ||
|
||
First of all, know that these questions may highly depend on where you are in the world and the work ethics/culture the company or the general vibe of the country you are looking to work in, so the following would be *my* personal experience and take. You may hear wildly different answer depending on who you ask. | ||
|
||
## What should I learn? | ||
|
||
For example, the question of "what I should learn" highly depends on what you want to apply for and under what category, as the field of cybersecurity involves way more than just "blue/red team." Pentesting, bounty/bug hunting, threat intelligence analyst, malware researcher, blue/red team R&D, and so many more depend on varying level and category of skills. Finding out what skills you have and which job you are more likely to find yourself enjoying in would be a good start. | ||
|
||
For me, I've been doing threat intelligence research for at least a few years now. My job entails things like reverse engineering malware, figuring out how they work, what infrastructures do the attackers use, are there precedent of similar cases, do we know who did it or make an educated guess of who did it, what can we learn from it (detection rules/general behaviors/threat group commonalities). This line of work requires: | ||
- A decent understanding of reverse engineering (e.g., reading assembly, using disassembler, operating a debugger, etc.) | ||
- You don't need to be an expert to get started. Just basic abilities of understanding what you are doing when looking at them is enough! Not even I know how to write basic assemblies sometimes. | ||
- The patience and brain work to figure out who is behind the attack | ||
- The ability to hunt for more samples (e.g., writing YARA rules) | ||
|
||
Different jobs have different level of difficulties that come with them, and your employer may expect varying level of things out of you. In my experience, my colleagues and direct higher ups were very patient with me; they let me figure out how things work and taught me how researching worked. My point is sometimes you don't even need to necessarily have an impressive record or knowledge to get hired - but that really highly depends on a company-by-company basis. | ||
|
||
## What if I don't know anything *too in-depth* about the field? | ||
|
||
There are still positions for you! You can be technologically savvy enough but not good at reverse engineering and still land a job with a position like threat intelligence analysts, news reporter, support team, infosec-related marketing, etc. There are roles within the infosec field that do not require you to be a 150 IQ genius and know the ins and outs of everything. | ||
|
||
## What project would I expect to see on a candidate's resume? | ||
|
||
Honestly, not a lot if they just recently graduated. Once again, I think this highly depends on the role you are looking to apply for. If we are talking strictly about threat intelligence research, I expect something related to our line of work; whether it is malware research, reverse engineering projects, network traffic analysis, something that showcases your OSINT abilities - basically anything (be it experience or tools) that would help you work better or faster at work. | ||
|
||
## Are certificates a must? | ||
|
||
We practically do not look at certificates when considering candidates. Sure, it would help, and it would certainly be impressive you've gotten yourself an OSCP cert or something like that, but we don't expect that to be a "requirement." When I look at an interview challenge report from a candidate, I expect something that can prove yourself that you know what you are doing. For example, if I gave you a malware sample, at bare minimum you should show me what the malware does, what you've done to analyze the sample, what insight or intelligence are you able to gather based on this sample, etc. In other words, proving yourself is more important to me than fancy certs on a resume. This is yet another thing that would highly depend on your country and what company you are applying for, as I've heard conflicting interests in other countries where they expect certs at minimum, which whilst I don't necessarily agree, some places are just like that. |
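Review bot: the new page reads well, but a handful of grammar slips in the added prose should be fixed before it ships, and the "What should I learn?" section opens with "For example," even though the heading now separates it from the sentence it was exemplifying, so that lead-in hangs; drop "For example," and start with "The question of...". Specific fixes: in the "First of all" paragraph, "may highly depend on where you are in the world and the work ethics/culture the company or the general vibe of the country" is missing a verb or "of" after "culture" (suggest "the work ethic/culture of the company or the general vibe of the country"), and "wildly different answer" should be "wildly different answers"; "Not even I know how to write basic assemblies sometimes" should read "basic assembly" (it is uncountable); "Different jobs have different level of difficulties" should be "different levels of difficulty"; "a position like threat intelligence analysts" should be singular "analyst" to agree with "a position"; and in the first bullet, "using disassembler" should be "using a disassembler". In the certificates section, "something that can prove yourself that you know" reads awkwardly; "something that proves you know what you are doing" says the same thing, and "I've heard conflicting interests in other countries" likely means "conflicting accounts from other countries". None of these change the advice itself.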