
Ask HN: A good roadmap for someone interested in security? - sharmi
I am interested in learning about the field of security.

1) What are the available areas of specialization?

2) I prefer to work as an independent consultant. Is it feasible in this field?

3) Would the nationality of a person have bearing on whether the person is hireable/employable?

4) What is the best place to start to learn and proceed?
======
tummybug
Good question and something I am trying to do as well at the moment (web dev
last few years so I do know some coding Python/PHP/JS).

My own method has been war gaming sites like pwnable.kr, learning C, getting
better at bash, bug bounty programs, playing with security tools (bettercap,
sqlmap, metasploit) and eventually I would like to get OSCP certification.

Would love to hear from people experienced in the profession if there is
anything I am missing or any pointers they could offer me.

~~~
sharmi
The security tools are all new to me and a nice way to get my feet wet. Thanks
tummybug!

------
wazanator
I help run our University's Cyber Security Club so I've sat through a number
of presentations, lectures, recruiters, etc. If someone who's actually in the
field though would like to correct me please do!

1) Specialization is incredibly broad from the people I've talked to and what I
have practiced. You have everything from people who penetration test systems
and software to the people who have to handle access control. My advice to new
club members who are interested but don't know where to start is to go to
Wikipedia's entry for Information Security [0] and read through it and other
related pages then pick areas that interest you the most, go find some YouTube
videos that demonstrate them and go from there.

2) It's not unheard of but I would not say it's a field you can just dive into
and hire yourself out as an independent consultant without any experience to
show for it. A common career path I've seen brought up over and over again is
you work for a military branch/government agency for 3-5 years then you leave
and return a week later as a consultant/contractor with a much higher pay
grade.

3) Depends on where you are trying to get a job. A number of companies that do
military contract work for example at our career fair would not talk to you
unless you were a U.S. citizen because of the nature of their work. Banks in
my experience do not seem to care so long as you pass a background check and
we've had international students from our club go on to get jobs in the
industry.

4) Learn as much as you can, specialize but don't ignore the other fields. A
good place to start is to learn what Kali Linux is and how to set up a home lab
either physically or virtually through a VM. Join local chapters for
organizations like ISSA and SANS if you can. Also read the news and keep up
with current events.

Sites:

[https://www.owasp.org/index.php/Main_Page](https://www.owasp.org/index.php/Main_Page)

[https://www.kali.org/](https://www.kali.org/)

[http://forensicswiki.org/wiki/Main_Page](http://forensicswiki.org/wiki/Main_Page)

[http://opensecuritytraining.info/Welcome.html](http://opensecuritytraining.info/Welcome.html)

[https://www.sans.org/](https://www.sans.org/)

[https://www.hak5.org/](https://www.hak5.org/)

Books:

If you don't have much experience with Unix or Linux systems, the Unix and
Linux System Administration Handbook (ISBN-10: 0131480057) is really good.

[0] [https://en.wikipedia.org/wiki/Information_security](https://en.wikipedia.org/wiki/Information_security)

Edit: Almost forgot this site has some good labs
[http://www.cis.syr.edu/~wedu/seed/index.html](http://www.cis.syr.edu/~wedu/seed/index.html)

~~~
sharmi
It is going to take some time to absorb all these resources but I will do my
best! Wazanator, thank you for taking time to give a clear and elaborate
answer.

