

Ask HN: How do you become a security consultant? - notastartup

Currently on a software developer path. I am enticed by the idea that I could have a single goal to work towards, such as penetrating, discovering vulnerabilities in a system. I feel like I can be free to 'hack' literally, come up with solutions.

However, I don't know how to get started in this field. Currently, it seems like black magic, in how people are able to discover zero-days and etc.

What are some actionable steps to ultimately become a security consultant, advising companies on vulnerabilities and fixing it for a fee?

1. Run sql scanner
2. Email report
3. Offer to fix
4. Profit???
======
patio11
Being a security consultant involves rather less hacking than you might think
it does. I'd strongly suggest talking to Thomas or whatnot and ask what goes
into selling and delivering an engagement. Just like you shouldn't buy a
restaurant just because you like cooking, don't get into security _consulting_
just because you like the idea of doing security _research._

Also, SQL scanner on a site you have no relationship with is both a) really
freaking obnoxious, b) potentially dangerous, and c) potentially civilly and
criminally actionable.

If you want practice on doing security research, the Stripe and Matasano CTFs
are really good. Other options include "Pick the 2nd or 3rd most popular OSS
application in your favorite ecosystem and start reviewing the code for the
top 10 OWASP vulnerabilities." Spend two weeks on that and you _will_ find
Horrible Things.

~~~
yaur
CTF looks really interesting and at least gives me something to do while I'm
(impatiently) waiting for the crypto challenge to arrive in my inbox.

------
noahc
If you're serious about being a security consultant, I'd check out
[https://breaker101.daeken.com](https://breaker101.daeken.com). Not sure when
the next class is going to be, but I took the first iteration of the course
and people were able to transition from developers to security consultants if
they put the time in.

Not sure how much time most people spent on the course, but I spent between 3
and 8 hours a week. I took the course mostly for fun and to get more familiar
with security, but I learned all the major web security flaws and a bit of
crypto. Enough that I'd be confident I could find a job in the security field
if I wanted to. It also helps that you can add Cody
([http://en.wikipedia.org/wiki/Cody_Brocious](http://en.wikipedia.org/wiki/Cody_Brocious))
to your references.

If you (or anyone else) want to know more about the course feel free to email
me: noah@noahc.net. I'm happy to answer whatever questions you might have.

------
viraptor
Depending on the country, doing 1. and 2. may already put you in court.
Wouldn't recommend doing that without the company's approval, unless they're
running a known, public rewards program.

~~~
greenyoda
_"1\. and 2. may already put you in court..."_

...and you might end up in a Federal prison:

[https://en.wikipedia.org/wiki/Weev#AT.26T_data_breach](https://en.wikipedia.org/wiki/Weev#AT.26T_data_breach)

~~~
artie_effim
you might get out too!

------
joewee
Publish, Publish, and then Publish some more.

You do that two or three times and attend a few conferences and you will have
companies throwing offers at you. Even better if you can get your research
presented at a conference.

There are a lot of good books on security these days. Reversing and The Art of
Security Assessment are two must reads.

------
kjs3
> 1\. Run sql scanner 2. Email report 3. Offer to fix 4. Profit???

Good way to get labeled as a twat by reputable firms. Folks like this are a
dime a dozen. You want to be noticed?

1\. Run scanner.
2\. Fix findings.
3\. Send fixes to maintainers.
4\. Give them a couple of days to update.
5\. Write on blog.

Reputable shops will be all over you.

------
gesman
Penetrating might be a good idea.

