

Ask HN: Security Researcher Jobs    - turnersr

Hello,<p>My name is Rafael. I am a third year college student studying math. I am trying to learn about careers in computer security but I can’t find any good resources. Maybe you could help me out? I would really appreciate it.<p>1) Where have you worked? Where are you currently working?<p>2) What are the major differences between working in software development and computer security?<p>3) What security firms would you enjoy working for? Why? Any in Chicago?<p>4) What do new hires usually do for their first year? Do you have a lot of freedom to explore different fields?<p>5) What do you like least about your job? What do you enjoy the most?<p>6) What do you spend most of your time doing? Coding? Debugging? Reading? Code Reviews? Talking to clients?<p>7) What sort of skills do you wish you had before you started working in computer security?<p>8) Do you know of  any security focused open-source projects that use Python or C?<p>9) Did you intern somewhere? Do you have any recommended places to intern at?<p>10) Do you mind if we talked more? How can I contact you? My email is turnersr [you know what] uchicago DOT edu<p>Thank you so much,
Rafael
======
jcr
First of all, put your contact info in the 'about' section of your profile.

There are a _lot_ of amazing people on HN, and some of them are involved in
various aspects of computer security. Contacting them privately might be your
best bet.

Thomas Ptacek (in the Chicago area)

<http://news.ycombinator.com/user?id=tptacek>

Cody Brocious is around here somewhere, but I can never remember his HN user
name, and I "think" he works with tptacek (above) at Matasano.

Nate Lawson

<http://news.ycombinator.com/user?id=NateLawson>

The above have posted to the monthly 'jobs' thread, so they are looking for
people to hire. If you didn't know, on the 1st of each month there is a jobs
thread and a freelancer thread here on HN.

There are also people involved with crypto work:

<http://news.ycombinator.com/user?id=cperciva>

<http://news.ycombinator.com/user?id=JoachimSchipper>

There are many others, so you'll need to dig around.

~~~
turnersr
Thank you so much! Updated my profile.

I tried getting in contact with Thomas Ptacek and some other people, but I
have not received any responses. I'll ping the other names you gave me.

I made a short list of security firms. But I have no idea how to assess them.
Matasano has the most informative website. Do you know of any competitors to
Matasano? How would you compare computer security companies? What metric do
you use?

Matasano

ISEC Partners

Counter Plane

Rapid7

Nss labs

Inverse Path

Stach & Liu

Trend Micro

Reversing Labs

~~~
jcr
> _Thank you so much! Updated my profile._

Nope. All you put in the 'about' section of your profile is the fact that
you're a student in Chicago. Your name is missing and so is your contact info.
The email address used to sign up for HN is never shown, so you need to put it
in the 'about' section if you want others to see it. You posting your email
address in one of your posts, so you don't have any issues about divulging it
(some people do).

> _I tried getting in contact with Thomas Ptacek and some other people, but I
> have not received any responses. I'll ping the other names you gave me._

Give Thomas a break. It's Thanksgiving weekend so he probably has far more
important things to do besides answer emails, namely, family commitments.

> _I made a short list of security firms. But I have no idea how to assess
> them. Matasano has the most informative website. Do you know of any
> competitors to Matasano? How would you compare computer security companies?
> What metric do you use?_

First and foremost, you keep tossing around this undefined phrase, "computer
security," as if it actually means something. The phrase is far to widely used
to mean anything specific, and hence, it is exceedingly vague. Do you want to
get into reverse engineering, auditing, virus analysis, exploit research,
analysis automation, forensics, physical attacks, penetration testing,
cryptanalysis, and the list goes on and on.

To answer your question directly, for me, there are only two metrics that
matter: (1) Do I like the people? and (2) Do I like their work?

In the long run, little else matters. Some people are brilliant but are not
nice, and others are nice but don't do anything worthwhile. Both of these
scenarios are recipes for an unsatisfying working relationship. Do some
research on the people as well as the kinds of things they do, and then get to
know them.

