How are you supposed to get a job in this field?
#1
Hi,
I have been trying for the past 8-10 months to figure out how one is supposed to get a job in Cybersec/Penetration Testing/DFIR.
I am from a that has no infrastructure.
90% of the population is uber poor, very high unemployment rates.
And most people just die because of the 45 C Temperature or Hunger.

I looked a lot into for other countries.
--
USA : Best route is to go into the Army, serve your basic training, ask either to be transferred to Air Force or Navy.
In USAF, you can work in cyber security and that is cutting edge. After your experience, if you are performing really good, they will transfer you to CIA as a Cyber Sec researcher.
In Navy, you can work as a Cryptologist Technician. This job is closely tied to NSA, you work in parallel with them and this work is boring at times.

Within the Corporate sector of the USA, cyber sec is Risk Management and Vuln Assessment only. No entry level jobs unless you know someone higher up on the inside. Only after you have previous 4-5 years of experience as a Dev or a Network Engineer with 1000 Certifications, you can bypass the HR Filter.
--
North Korea : I also talked to them.
Here they screen you in Middle School, their caste does not matter. They only want skills. If you are good, you serve 2 years in military and they send you to Sichuan or somewhere else for Red Team training.
After that, it's pretty much on you to self learn and be good at your job. If not, you are moved into other IT Roles.
--
China : Not many opportunities. Everything is based around consulting, corporate-wise.
Most of the weight lies in the Cyber Branch of their military.
Basic Training not required. Need a Bachelors or Masters with some PWNs to your name & a little bit of networking. Pay and Subsidy is very good.
--
Pakistan, Iran & Misc : They run their own unit.
Corporate is non-existent.
Need to have a good track record. You can just approach them and ask if you are a citizen. No CS degree required but preferred.
--
Israel : Lots of roles, will definitely get a job. Just need to declare Aliyah and off into the IDF.
But and but, the housing prices are very expensive, cost of living is ultra high and things in general are not good.

Israel is the most racist nation on Earth. They have their categories with the European Jews descendants on the Top and the Browns & Africans in the bottom.
This is a real problem on daily basis, even in work.
So I am not white, I go there, I am pretty much fucked.
--
Africa : They have computers?
--
UK : Is actually a pretty good country to live in (only if you are in Sub Urban), lots of job benefits but the competition for entry level and senior level cyber sec jobs is 6x of the USA. Due to the influx of highly skilled migrants.
--
Russia : This one is interesting. I talked to a lot of ransomware affiliates and botnet admins, all Russian speakers.
They explained to me, pre-war, that most of the cybersec work is handled by the GRU.

I even questioned a person who was claimed to be working in the GRU and ran a banking trojan infrastructure (Not Trickbot).
I found this person after I was interviewing a person who was a core Admin of some other BotNet. He referred me.
He told me that foreign citizens can work but it is preferred they be on the Russian Soil if you want to get subsidized lodging (usually a 2-3 BHK Apartment) and protection.
You work in teams of 4-5 people.

If you go down the ransomware route, you will be monitored by the FSB (although they will never arrest you) and can expect to earn around annual 120,000$ if you have large scale of operations.
You need to pay some money to the FSB for legal protection. The developers of Ryuk, Babuk (Same Family) told me this.
There are of course companies like Kaspersky & others, but they have been sanctioned to death. Lehman Brothers of IT World?
--
Europe : I don't know. Never bothered.
--
Japan, South Korea : US Vassal States, they follow the same pattern. There are very few jobs with high cost of living.
--
Latin America : Their jobs depend on US based tech firms outsourcing their SOC operations or expanding them into specific countries. Jobs are pretty much on site.
Usually low salaries based on 4200 LinkedIn job postings I looked at.
--
Burma and Ceylon : Civil War.
--
AU & NZ : Not a lot of jobs available. Their work is based 80% around AppSec and DevOps, DevSecOps. No pure research roles. Has an active cyber sec community with conferences happening year round.
--
HK, Malaysia, Singapore & other neighboring countries : There are only developer based roles here.

So, what are my options? What am I supposed to do? I did my research, I talked to a lot of people. I talked to certified professionals and "Criminals" alike.

I also looked into exploit engineering & vuln research.
That is not a stable stream of income. Because the time to develop an RCE+LCE on OS level can depend upon (Zerodium payouts 100,000$) 1 month to 1 year.

I talked to the person of Day0 who does podcasts (u/PM_ME_YOUR_SHELLCODE). He told me I can do it but it should not be treated as a full time job or stable stream of income or as a beginner task.
And that I should not expect to make significant money out of selling or even developing exploits as the starting barrier is very advanced to the previous research of mitigations.
--

I also looked into freelancing, it's not a good scene. Trust is built on White men, not person of color. Hell I wish I could be white.
I would like to have a job, doesn't matter if it is 12 hour or 16 hour, with a good income where I can live comfortably.
--
Don't have money for certifications. But I pirated every one of them, put the VMs on Cloud.

In my entire nation , there was only one job opening with the Title & Role of Malware Analyst & that was it.

=========
I am considering to just forget about this field and go in Quant Finance.
Read BleepingComputer, Brian Krebs once a week and that's about it. Watch some Seytonic.
https://www.youtube.com/c/Seytonic

They don't look at your skin colour and the work is really interesting. You get to work on real world financial problems and entry into the US is very easy with 90th percentile earning 1 Million USD (Base salary of 400 K USD and other bonuses, Bonuses are not taxed, you get Options, Health, Phone).
So maybe I should not waste my time learning my 8th programming language Ruby and instead go do Stochastic Calculus.
========
What would you recommend? Any feedback accepted.
#2
Yes, it is a difficult area to enter. I also didn't get it directly as a pentester, but I joined a security company in the developers branch and I'm slowly migrating within the company. But I don't think you should stick to some of your points. The first one is the country, as you can work for any of them remotely (except in government positions). The second point is to worry about skin color. Racism does exist, but the really good places to work won't even look at your face during the selection process. Mine lasted about twenty messages on Telegram and so far I haven't even seen my project manager's face. The best advice people gave me was to start at the base and not try to get a spot in Red Team. It won't work unless you have two or three good certifications.

The point is that there is no entry-level job that pays well and gives you a "comfortable" life. I work between 10~12h a day (plus 6~8h on weekends. It's not mandatory, but as I have little experience I have to work harder to keep up with the rest of the team.) I get paid U$950 a month.