Cyber Security
I want to be a hacker: But where do I start?
“Being a pen-tester does not mean being good at using tools either. It’s about being able to understand how things work, how things are configured, what mistakes people make and how to find those weaknesses by being creative. Being a pen-tester is not about launching Metasploit against the internet.” - Corelan Team
By Ricki Burke and Dawid Bałut
As an information security recruiter, I’ve worked with countless numbers of professionals in this incredibly diverse industry. One question that I get asked time and time again is: how do you get started in infosec? So, I decided to collaborate with a great connection of mine called Dawid Bałut, who is an experienced security professional who set up his own boutique security consultancy called InfoSec Remedy. After working as an internal security professional – as a security engineer, moving up to principal security architect and executive board advisor – and then operating as a freelance penetration tester, Dawid gets to work with his ‘proven in battle’ colleagues, delivering outstanding penetration testing and security consultancy outcomes for customers. Both of us are often asked to proffer advice to those looking to get into penetration testing, so we decided to co-author this article on how to get started.
As a recruiter, I am asked to fill positions across the full spectrum of roles in this industry, all the way from the glorious heights of CISO down to finding the next generation of security professionals. Unfortunately, I have limited capabilities in helping those looking to get into the industry. Sometimes the best I can do is provide advice, especially regarding one of the most sought-after roles, that of the ethical hacker or penetration tester.
24 | Australian Cyber Security Magazine
For those wanting to get a great job like this, it’s probably one of the easiest. Why? Because you can upskill yourself without having to rely on an employer. The problem is that there is a difference between wanting something and being able to offer it back to the employer. Yet, it’s when you can offer these as professional skills that organisations are interested, so how do you get there? Let’s look at some of the activities that people looking to get into infosec need to consider:
There are plenty of ways to learn and develop your skills, like reading books, reading (or writing) blogs or taking online training courses, such as those from Coursera (https://www.coursera.org), Cybrary (https://www.cybrary.it) or SecurityTube (http://www.securitytube.net). You can even take some of the free Computer Science lectures published by universities like MIT. You should learn what real-life software engineering is like. Get some computer code and learn about