Backtrack/KALI - Security Career Path?

So far, I’ve completed an Associates in Cyber Security. During my college program, I also became very interested in the Linux world and have also installed FreeBSD.

I also did security related study and exercises within a designated college lab. I have done some amateur hacks including a DDOS against my class room as a demonstration. I have also done a DNS spoof. I would be happy if all I manage to do is become a System or Network Admin, but I come coming back to exploring security.

As the other thread mentioned, I’m running into the “experience required” wall. For now, I’m prepared to work a mundane retail job part-time while trying to build up my portfolio. I would like some feedback on how a person with an Associates should proceed.

I do have a few initial steps in mind:

  • I have one Desktop PC I would like to be my Target and a Laptop I can use to run Kali Linux or maybe Black Arch. The Target PC could be running Debian, Ubuntu, or CentOS and running common server applications. Possibly even intentionally vulnerable services like WebGoat or Metasploitable.
  • I have a general idea of how to make a Bash Shell script, but I feel I need to learn a real programming language like Python.

Longer term, I’m interested in how I may proceed with Certifications. Would Offensive Security be the way to go?

Should I try to do work on the side as a freelancer or maybe on sites like Odesk to get experience?

It is obvious from your post that your passion is security. Thus, you should focus your attention in that area. I have always found that people that follow their passion tend to have the most success in their careers.

The “experience required” caveat is always a challenge for those early on in their careers. But, I think you are on the right track with your thoughts. For those individuals that lack experience, I encourage them to look at pursuing a certification. In most instances, companies will at least equate that to some level of experience. Just make sure it is a certification that companies are looking for. I run into too many individuals that have not done the necessary research prior to pursuing a certification in a certain area. As far as which ones those are, you should be able to get some good insight by perusing jobs from different companies that may interest you, and see if they look for individuals with a specific certification.

In addition, in the open source world, you can always get active in the community. Slowly take on a project as your time allows. Through research, you should be able to figure out a good one that suits your skills. And, I encourage people to get involved with projects that have a strong following. If you do, chances are better that it will have a beneficial impact on your career. Especially, someone in the early stages of their career. It is a great opportunity to showcase your skills in an open forum.

Finally, you can look at doing some freelance work, however, in some instances you may run into the “experience” challenge that you are currently facing.

Just some thoughts…hope that helps.

Thanks for the feedback.

I’m thinking of going after the CCNA Cert. Networking knowledge can apply to security and I also think there is a general need for “Cisco People”. This could help me find stable work to fund further training.

Well respected certification. Probably a good plan of action. Best of luck to you.