Ask HN: How to be an independent security consultant?
So I've been wanting to switch from software development into pen testing and security consulting. I want to get some practical skillset enough to consult local tech companies. In general, need some materials which I can follow and learn as well as some guidance.
To become a software developer the path is pretty clear, you learn the language, build some stuff on your own, and take on real world projects. I find that this is a bit of a different path.
2 comments
[ 2.8 ms ] story [ 16.3 ms ] threadMy advice is, take a job with a consulting firm to learn the ropes. Then decide whether you want to sink several years of your life getting a new consultancy off the ground. I didn't reliably match my FT salary after starting Matasano for several years.
In any case, if you're looking for things you can do to make yourself marketable as a security consultant:
* (Easiest, but least-bang-for-buck): file bugs, particularly for companies with bug bounties that will credit you. Don't look for bugs in companies that don't offer public permission to test, though.
* Go looking for a vulnerability in a framework, programming language, or major library. By the time you find one, you'll have expertise in that technology, which you can (a) add to your bio and (b) use as lead-gen for work.
* Find a pattern of vulnerabilities. If those vulnerabilities aren't novel, design some countermeasure that fixes them all. If they are novel, you can stop there. Now put together a talk and submit at security conferences. In rough order of prestige, and certainly having left several out: Black Hat USA, CanSec, CCC, Black Hat Anywhere But USA, DefCon, Recon, Toorcon, RSA, Derbycon, OWASP.
Its very nice to hear people say that something you put out years before has influenced their work, or given them a good starting point. I'd wager that if you've spoken at a couple of those top conferences you'll have little trouble finding any work you'd want.