
Question time


Thread replies: 34
Thread images: 4

File: 1389004000851.jpg (96KB, 500x714px)
I'm a security consultant at a Fortune 500 company. Ask me anything.
>>
File: screaming geometrically.jpg (170KB, 861x718px)
>>56167832
Come on /g/, shoot your questions at me!
>>
Are you too fat for a real job?
>>
What size shoes do you wear, and are they an accurate reflection of the size of your genitals?
>>
What degree?

Might get in this with cs degree in progress.
>>
>>56167832
is it normal if my poop is like a puddle of mud but with blood?

not every time, but from time to time
>>
>>56168327
I weigh around 70kg. So clearly not.

>>56168352
>What size shoes do you wear, and are they an accurate reflection of the size of your genitals?
Size 46 in Europe.

>>56168399
Did CS. Although the theoretical basis of my degree is a huge plus, learning stuff on the job is a must. And I wouldn't have gotten this job if not for my own interest/curiosity in security.
>>
>>56167832
Does that mean you just do mundane shit like annoy your employers with checkpoint and the like?

I work as a developer and the day we brought on a full time security guy was the day we had to start doing faggot security tests, sign 2000 security documents, etc.

Also, our security guy just knows how to run his little security programs. He can't write code and just checks blocks. Nothing sexy like pen testing.

I'm sure you're like this, right, glorified sysadmin?
>>
>>56167832
What do you do for a living?
>>
>>56168450
No, see a doctor about it.

>>56168468
>Does that mean you just do mundane shit like annoy your employers with checkpoint and the like?
Nope. Sounds like a huge scam desu. I provide real advice and do pentesting on a daily basis.
>I work as a developer and the day we brought on a full time security guy was the day we had to start doing faggot security tests, sign 2000 security documents, etc.
Classic huge corp. It's the same everywhere and top management doesn't have a clue about security.
>Also, our security guy just knows how to run his little security programs. He can't write code and just checks blocks. Nothing sexy like pen testing.
Of course we use tools to aid in pentesting. But if you're not putting manual effort in it, you're a shitty pentester and you suck at your job. It's fun weeding out the skids when conducting technical interviews.
>I'm sure you're like this, right, glorified sysadmin?
Nope. I run my own projects. Decide completely how to approach testing the service/device/... Part of my job is also reading up on the latest security news/vulns/tools/...
>>
>>56168566
Guess what: Security Consultant.

It pays better than anyone else I know with my degree and experience.
>>
>>56168468
>>56168571
Thanks for the reply and for confirming what I figured: it's a scam, at least in our company.

We (all developers and such) knew it and knew he was installing monitoring software on our systems, but the sec guy is buddy buddy with the CEO and apparently we're required to be under certain federal guidelines yada yada yada.

Fucking corporate welfare man.
>>
>>56168590
Did you get that job right out of uni? How long can you maintain an erection?
>>
>>56168571
How hard is it to get into that field?
Assuming one has CCNA level of knowledge (well, slightly higher), an analytic mind, and is able to learn (not memorize, but understand) stuff really fast?
>>
>>56168615
>Fucking corporate welfare man.
There's so much bullshit being sold in the computer security field it's not even funny any more.

I've seen a pentest report of a company that contained barely any findings. Just some findings that Burp reported. When we tested the same website we found remote code execution, XSS, authorisation bypasses, ...
>>
>>56168716
>Did you get that job right out of uni?
Yes. Did my master's thesis in security and only had a couple of optional courses on security though. And while studying got in contact with the company through our university CTF team.

>How long can you maintain an erection?
Never measured really. Hours if I'm edging when browsing dank pr0n.

>>56168721
>How hard is it to get into that field?
At a shitty company? Piss easy I imagine. At a good company? Pretty hard. Our recruiting process is ruthless and that's necessary.
But if you want to get into it: Start doing wargames (e.g. overthewire.org), read some good books, ...
And then you can always test your skills by trying to get some bug bounties via e.g. HackerOne.
>>
Wake me up
>>
>>56168808
That's not really a question, is it?
>>
>>56168822
Can't wake up?
>>
>>56168801
Care to recommend good books?
I've gone for a bad field (not IT related, getting my master's soon, at least it is free) and I want to re-specialize into something both interesting and that pays relatively well.
>>
>>56168822
I'm an IT student from Costa Rica, just in my first year, but I've always thought about chasing security as a job. Would you recommend it? Does your company or any company you know outsource? Any foreign employees in your company or other companies you know?
>>
>>56168868
The Web Application Hacker's Handbook definitely. But I think the /g/ wiki even recommends some nice books. Also you need to have that curiosity, that itch for knowing.

>>56168895
The security field is booming so any company that starts to realize the importance is hiring. And since my customer is such a big company they are hiring internationally if you're willing to relocate. Remote work might be possible in some more open-minded companies but even then that's probably not something they will allow starters to do.
It's definitely an interesting field to work in and since it's highly technical expertise it pays well.
If you're already interested in security start doing this >>56168801. You can only learn pentesting well by doing it. Focus on concepts/vulns/attacks not on tools. Knowing the development side also helps since you can better imagine how silly devs might implement things.
>>
>>56169005
What things do I need to know beforehand? Right now I know basic to very low level intermediate C++, I've messed around with databases a bit, recently transitioned to loonix hoping to learn more.

What do you recommend?
>>
>>56168837
I can wake up pretty much whenever I want. Flexible hours, so that's nice.
>>
>>56169055
Flexible work hours are my dream.
I usually get the urge to work at night.
>>
File: 1450755136515.png (129KB, 186x264px)
>>56168467
Do you think someone with sufficient interest, dedicated time, and qualifications (in terms of ability to code, and knowledge of security systems) could get your position if they studied something else?

Say economics? I'm already third year in economics so there's not really any going back but I'm doing everything I can to load my resume with CS experience because this is the field I want to go into.
>>
>>56169053
Really depends on what kind of security you are interested in.

Reversing? Then knowing C/C++/asm/... will of course be necessary.

Web application security? HTTP security, JavaScript, SQL/NoSQL, PHP, ...

But I'm a fan of having a broad basis. Because everything interacts with each other in the end.

>>56169075
Lots of people do. I think it's getting more and more common because it's just more productive in the end.

>>56169084
>Do you think someone with sufficient interest, dedicated time, and qualifications (in terms of ability to code, and knowledge of security systems) could get your position if they studied something else?
Sure. Most of the things I do in my job are self-learned. Of course with CS you have a really strong background. Also play the economics card to your advantage. To a lot of managers it's very valuable if you can talk in their language and be a translator between the technical part and the business part.

Both in recruitment at the consulting firm and the client we really don't give a shit about your degree. If you pass the tests it really doesn't matter. Just don't fucking lie on your CV. It's wasting everybody's time. We literally stopped an interview because some dude that allegedly gave a security course didn't know what the Secure cookie HTTP flag was.
>>
>>56169224
Right, I'm going to sleep now. I'll check whether the thread is still alive when I'm awake; if that's the case I'll answer some more questions. If not, well, maybe see you another time!

It was nice talking to you anons.
>>
What is the compensation exactly?
>>
>>56167832
What vulnerabilities does this Fortune 500 company have?
>>
>>56169344
thanks faggot
>>
>>56167832
Tell me about an interesting exploit that you have had to deal with. Something not on the OWASP list.
>>
>>56169436
Maybe I should rephrase. I am looking for an interesting story, not just "forgot to escape inputs and outputs" type of thing.
>>
File: 1469824272074.gif (2MB, 360x450px)
>>56167832
How do you keep Win 10 secure? :^)