Hey, /g/.
Is this event worth paying $400 for? I'm interested but the price is a bit steep.
https://www.eventbrite.ca/e/calgary-cybersecurity-series-certified-ethical-hacker-training-march-4-2017-tickets-32023369761
>>59005329
>400$ for a fucking event on cybersecurity
What a fucking scam.
>>59005329
No, these are all industry type courses that usually your employer pays for which is why they exist. In the next post I'll drop all the free shit you can do just to get into the 'industry'
>>59005329
Get the following books:
- Tangled Web: Browser Security
- Web Application Hacker's Handbook
- Greyhat Python.
You do those books, not just read them. Greyhat python is in there because it teaches you to build your own security tools which is what you want to learn, running test suites on applications which is how you get jobs.
Then you try shit like memorycorruption CTF style like games, or the cryptopals crypto challenges.
Now you go apply as a Junior analyst somewhere at NCC Group or the dozens of other companies. They then pay to train you.
There's also this free list of lectures:
http://howto.hackallthethings.com/2016/07/learning-exploitation-with-offensive.html
After you have worked for a few years as a Jr to intermediate consultant somewhere at a well established security corp you can break out on your own as a Senior consultant, and make the real money, give presentations at Blackhat or wherever ect.
>>59007718
Thanks for the advice.
>>59007798
What I did is just make my own security job. I started as a junior dev 'full stack developer'.
There was no security department, so I started running tests on our app, using those above 3 books info. I then created a test suite, so we could automate the tests before rolling out new features. This was all noticed and they made me "Security Lead". I kept doing it and researching then was made a manager of security, essentially they parachuted me into a Chief Information Security Officer role and I started hanging out with the executives and making management decisions.
I then jumped from that company directly into a real executive role as chief security officer which everybody is hiring for. While there they paid to send me to industry shit and conventions, and I did that until I was considered a senior executive at age 25.
Then I quit and went back to school to get a degree in AI as I got bored of the whole security thing but I still work remotely P/T for a lot of money as a security consultant.
tl;dr just make your own security job if nobody hires you for security