Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I wish I knew someone who does it so they could give me some tips getting my foot in the door.
There has to be a handful of skills that once you know them would allow you to do entry level penetration testing.
Have no clue what those are, though.
Believe in yourself you can do it, there's quite a lot of resources on the net; videos, pdf, powerpoint, text files the list is not exhaustive but of course it has to be ignited by You.
I've worked in security for awhile and have done some pen testing. I would recommend trying to get a job in a SOC or a small MSSP. It's not glamorous but it's a good foot in the door to the better things.
I've worked in security for awhile and have done some pen testing. I would recommend trying to get a job in a SOC or a small MSSP. It's not glamorous but it's a good foot in the door to the better things.
Sorry, what is a SOC or MSSP?
What I wanted to know is if there are things I could do that would land me some side work in this area.
For instance, if I got a Certified Ethical Hacker or Security+ cert, would that give me enough skills to get an entry-level job or be able to do side work so I can then gain real-world experience?
(Most roles in IT have to have some entry point that is attainable. If you wanted to be a web developer, you'd need to know HTML, CSS and Javascript. And if you knew those, you could probably make some $$$ using those skills.)
So how can I do that with Security and Penetration Testing?
It's a bit different with security. Not a lot of people want to hire someone just starting out to work with sensitive materials and processes. Not a lot of part time work doing this either. Especially if they can be fined if you screw up. SOC is a Security Operations Center and MSSP is a Managed Security Services Provider. If you're really serious I would recommend getting those certs and working for an MSSP. Certs don't matter as much as experience.
It's a bit different with security. Not a lot of people want to hire someone just starting out to work with sensitive materials and processes. Not a lot of part time work doing this either. Especially if they can be fined if you screw up. SOC is a Security Operations Center and MSSP is a Managed Security Services Provider. If you're really serious I would recommend getting those certs and working for an MSSP. Certs don't matter as much as experience.
Are those basically web hosting companies?
I get what you're saying, but what about for smaller businesses?
There must be some things I could learn to help small businesses and non-profits be more secure and maybe make some side income so it becomes "real" experience.
Maybe installing firewalls?
Basic network hardening?
Penetration testing on company websites (e.g. Bob's Plumbing, Mary's Cakes & Cookies)?
I get what you're saying, but what about for smaller businesses?
There must be some things I could learn to help small businesses and non-profits be more secure and maybe make some side income so it becomes "real" experience.
Maybe installing firewalls?
Basic network hardening?
Penetration testing on company websites (e.g. Bob's Plumbing, Mary's Cakes & Cookies)?
Installing encrypted drives?
Patching systems?
Yeah you could probably get a few gigs doing freelance type work and put it on your resume. Don't mind me, I'm a pessimist so I can find a lot of ways where it wouldn't work but doesn't hurt to try.
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,524
Rep:
Foot in the door.
Quote:
Originally Posted by SteelCitySteve
I wish I knew someone who does it so they could give me some tips getting my foot in the door.
There has to be a handful of skills that once you know them would allow you to do entry level penetration testing.
Have no clue what those are, though.
No one is going to let you pen test until they know they can trust you. Download metasploit framework, john and openvas. Learn how to use those, netcat, nmap, dsploit, and spoof. That's a good start.
Small law enforcement agencies and private investigators that can't afford their own full-time data-forensics staff often hire freelancers, You must be good with smart phones though, and that requires financial investment, XRY by MSAB.
You can also pick up a cracker for locked hard drives from Vogon UK.
Last edited by AwesomeMachine; 04-19-2018 at 09:48 PM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.