Mentorship Monday - Discussions for career and learning!
from shellsharks@infosec.pub to cybersecurity@infosec.pub on 22 Jul 2024 14:27
https://infosec.pub/post/15233838

Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

#cybersecurity

threaded - newest

kionite231@lemmy.ca on 22 Jul 2024 17:18 next collapse

I am not pursuing Cybersecurity but I have a good understanding of Linux, command line, networking etc. I have made IRC bots which got hacked by IRC people and it was fun learning things.

My question is what do we actually do in Cybersecurity? Is it just nmap, Hydra, Kali?

shellsharks@infosec.pub on 22 Jul 2024 17:30 collapse

That’s a loaded question 😅. One that can be answered in a few different ways… From a technical perspective, “infosec” is a relatively vast field comprised of a lot of sub-disciplines, so from a tooling and procedural perspective, it varies from job to job. Some would argue a lot of what we do is just theater, and for many orgs and many “pros”, this may very well be true. At the root of it all though, you could say our job is to ensure the Confidentiality, Integrity and Availability (classic CIA triad) of data/systems, keeping in mind the balance/tradeoffs between security needs and business requirements. To do so, we employ a variety of tactics, techniques, tools, methodologies, frameworks, etc… Another way to boil down what security folks do is in the lens of “risk”. Most business and IT decisions in general come down to risk-based decision making and security is no different. Security teams should understand the risk introduced by the threat landscape coupled with the respective data, attack surface, business assets, etc… to help inform the business how to reduce security risk to acceptable levels.

Hopefully this answer isn’t too vague and non-answer-ey!

iamak@infosec.pub on 25 Jul 2024 13:04 collapse

How do I upskill myself to be able to do bug bounties? I have participated in many CTF competitions but I don’t know how well that skillset will transfer to bug bounties and if yes how to transfer it

shellsharks@infosec.pub on 26 Jul 2024 12:51 collapse

Not a bug bounty hunter myself, but it seems like one of those things that you just have to jump into and start trying to do. So many bounties seem to be pretty low-hanging fruit type of stuff. The payouts might be either LOW or non-paid, just recognition type stuff, but seeing an accepted bounty submission come back does a lot for your confidence. It’s like CTFs in a way. Getting into CTFs seems intimidating at first, but then when you go actually do one and you have some level of success, it starts to feel a bit more approachable, you get more XP and you do better the next time.

You could also check this out www.bugbountyhunter.com/zseano/ and anything/everything from portswigger.net as that team is the best I know in terms of cutting-edge web app research.

iamak@infosec.pub on 26 Jul 2024 15:30 collapse

Thanks a lot. I’ll check both the sources as well!