+ Reply to Thread
Results 1 to 13 of 13
  1. Junior Member
    Join Date
    Sep 2017
    Posts
    23
    #1

    Default Is it possible to volunteer for small Information security projects?

    I understand that security is a major concern for any organization and therefore getting volunteer type of work is out of question. However, I do want to gain some practical field experience - Be it doing some research or engaging with vendors or 3rd party suppliers or penetration testing etc.
    So is there any way I can become part of such projects on volunteer basis for couple of weeks? Or do you have any other advise for someone in my position?
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member
    Join Date
    Apr 2013
    Posts
    1,890
    #2
    I'm normally all for suggesting volunteer work as a way of getting experience but I'm a little confused on what you want to offer. You want to go to businesses and offer to engage with vendors? Or you want to do penetration tests? Do you know how to do any of these things already or hoping to learn on the fly with their security?
    Reply With Quote Quote  

  4. Senior Member yoba222's Avatar
    Join Date
    Jun 2013
    Posts
    350

    Certifications
    GCIH, eJPT, CCNA R&S, CAPM, Sec+, Net+, A+
    #3
    No idea how to join but this caught my eye last month:
    https://cobalt.io/
    Working on: Linux Foundation Certified System Administrator (LFCS) exam scheduled October 20
    Reply With Quote Quote  

  5. Senior Member scaredoftests's Avatar
    Join Date
    Dec 2013
    Location
    behind you!
    Posts
    1,943

    Certifications
    ACAS,Comp TIA Security +, Novell CNE, HDI Customer Service, ITIL Foundation, MTA
    #4
    Equifax might need some help....
    Never let your fear decide your fate....
    Reply With Quote Quote  

  6. Senior Member Phalanx's Avatar
    Join Date
    Apr 2017
    Location
    UK
    Posts
    224
    #5
    Quote Originally Posted by yoba222 View Post
    No idea how to join but this caught my eye last month:
    https://cobalt.io/
    https://app.cobalt.io/users/sign_up/tester
    Desktop: MCSE: Mobility | Server: MTA | Cloud: None | Networking: MTA
    Security: None | Linux: None | Service Management: ITIL 2011: Foundation
    Currently Studying: 70-417 - Upgrading Your Skills to MCSA Windows Server 2012 R2
    Reply With Quote Quote  

  7. They are watching you NetworkNewb's Avatar
    Join Date
    Feb 2015
    Location
    Off the grid
    Posts
    2,555

    Certifications
    A+/Net+/Sec+, CCENT, CCNA:Sec, CCSK, GCIH
    #6
    Build a home lab. Or try bug bounty programs.

    Gonna pretty pretty unlikely a company is going to want someone who is willing to work for free to help them out with their security. I hope so anyways.
    Last edited by NetworkNewb; 10-06-2017 at 06:31 PM.
    Reply With Quote Quote  

  8. Junior Member
    Join Date
    Sep 2017
    Posts
    23
    #7
    G'Men
    Thanks for the replies. I think I should elaborate my situation a bit more.
    I have worked in IT infrastructure, Technical support, Physical security and Auditing, and Networking for several years. I have also worked with some aspects of cyber security including Identity and Access Management, Basic log analysis, Network security and some Vuln testing etc. However I worked for only two companies, bith jb titles were Technical support specialist and Technical support Analyst. I feel that I need to have following two if I want to move into pure cyber security roles:
    1. Extensive hands on experience involving real life GRC, SIEM, IAM and Network security situations.
    2. At least 1 or two companies in my work experience section on my resume with job titles having security.
    So the question is how do I get the above?
    For 1, I am doing extensive study of whatever videos and examples I can find on the net including the paid and free ones on udemy Youtube cybrary etc. However I can't seem to find real life examples, for example of SIEM logs showing sql injection attack or a siem log showing network intrusion attempts. Any suggestions where can I find such stuff that is more real life like? ( I am also labbing trying to set up my own network at home with routers/switches/ firewalls and doing pen testing, scanning etc)
    For 2 - I am lost! How do I get at least 1 or two pure cyber security job experiences with security in job titles quickly? One option that crossed my mind was to volunteer if possible.
    Does anyone have any suggestions for me?
    Reply With Quote Quote  

  9. Senior Member
    Join Date
    Apr 2013
    Posts
    1,890
    #8
    Quote Originally Posted by jaguaar View Post
    G'Men
    I am lost! How do I get at least 1 or two pure cyber security job experiences with security in job titles quickly?
    You don't, you apply to jobs just like everyone else does. You said yourself you've already done IAM, log analysis, network security, vuln testing, so highlight those things in your job roles now. Job titles aren't everything, maybe you're trying to walk right into a Sr level role which isn't likely to happen on your first job, nor should it.

    Maybe work with a recruiter that can sell the fact that you're doing security tasks now but just don't have a 100% security title? I had the same problem moving into security myself. I don't know of a magic bullet that quickly puts multiple security jobs on your resume, if so everyone would be doing it already.
    Reply With Quote Quote  

  10. Junior Member
    Join Date
    Sep 2017
    Posts
    23
    #9
    Quote Originally Posted by Danielm7 View Post
    You don't, you apply to jobs just like everyone else does. You said yourself you've already done IAM, log analysis, network security, vuln testing, so highlight those things in your job roles now. Job titles aren't everything, maybe you're trying to walk right into a Sr level role which isn't likely to happen on your first job, nor should it.

    Maybe work with a recruiter that can sell the fact that you're doing security tasks now but just don't have a 100% security title? I had the same problem moving into security myself. I don't know of a magic bullet that quickly puts multiple security jobs on your resume, if so everyone would be doing it already.
    danieln7
    thanks for your post. Yes i ageee that slow and steady advance should be the preferred way to further the career but i am not sure if my resume will be of any interest to prospective employers particularly when there are so many other candidates. Everyone complains about skills shortage but heavens forbid if they have to train someone
    Reply With Quote Quote  

  11. Senior Member
    Join Date
    Apr 2013
    Posts
    1,890
    #10
    I totally understand the struggle. But, if they have lots of other candidates with the proper skillset then there isn't really a shortage at all. Work on your resume, if you want to be able to speak more into things like SIEM then you can install the OS version of AlienVault, play with Splunk, etc. Even if you were a master of one then a new system presents new challenges, you'd have to learn new systems anyway. Sell yourself as having the background to do that and you should be OK when you find the right company.

    Any security specific education or certs? Anything that shows you're making more of an attempt at specializing?
    Reply With Quote Quote  

  12. Senior Member
    Join Date
    Sep 2016
    Location
    VA
    Posts
    380

    Certifications
    CISSP, PMP, CCNP, FITSP-M
    #11
    Skills shortage = shortage of people I don't need to train from the ground up.

    I'm willing to take a chance on someone a little short on skills if they show passion and a home lab is one way to do that. You say you're "trying to set up my own network at home with routers/switches/ firewalls and doing pen testing, scanning etc". "Trying" is a cop-out, you either are or you aren't. With VMware Workstation Player and a host of evaluation products from companies like Splunk and Palo Alto, never-mind Kali and vulnhub, there's little cost associated with learning. If you want the benefit of the doubt, you have to give hiring managers a reason to believe you are doing everything you can learn.

    So what, specifically, have you been doing to demonstrate passion?
    2017: CCNP (done), FITSI-M (done) CCIE Written
    2018: CCIE R/S
    2019: VCP (DCV/NV), OSCP
    2020-1: MBA
    Reply With Quote Quote  

  13. Junior Member
    Join Date
    Sep 2017
    Posts
    23
    #12
    Quote Originally Posted by EANx View Post
    Skills shortage = shortage of people I don't need to train from the ground up.

    So what, specifically, have you been doing to demonstrate passion?
    EANx - I have, first of all, compiled a list of must have or most demanded skills based on my scan of job boards etc. Have short listed quite a bit of stuff and started with a course and hands on practice of wireshark, QualysGuard and SIEM logs. I also tried quite hard to find a video example of an actual incident response but have not been able to find anything concrete.
    Reply With Quote Quote  

  14. Surf Guitar Guy tedjames's Avatar
    Join Date
    Jan 2014
    Location
    Surf City, TX
    Posts
    455

    Certifications
    SSCP, Security+ +4
    #13
    Re: incident response, I don't know if this is what you need, but it might just help:

    https://www.youtube.com/results?sear...ident+response

    Udemy.com also has a couple of $20 courses on incident response. Even if they're not great, you don't have much to lose.

    Cybrary also has a course.



    Last edited by tedjames; 10-17-2017 at 06:48 PM.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks