Not able to find any job in InfoSec.

[hackinglife]

Hi, i posted a ques long time ago here on how to start a career in infosec, and as recommended, completed python, networking basics and still practicing on kali linux.. :P
But that's technical, now that my B.Tech is over, so i have started to apply for the job, i have applied into almost 50 companies in past 3 months, but hasn't got any reply from either of them.. (through nullcon, naukri.com, monster etc.)
Still don't have CEH with me, so is that a problem, or do i really need a reference to fetch an interview??

[prakhar]

Listen, on what basis companies should hire you?

You don't have any security-related certification CEH/OSCP (personally OSCP is much much better than CEH).

B.Tech is not important AFAIK for security-related jobs, but your skills in security will matter (not talking about running a few point-and-click tools). Then your online presence - exploits, tools, PoC, advisories and etc released by you.

and as recommended, completed python, networking basics and still practicing on kali linux.. :P

There is nothing like "as recommended" thing for security, that if you finish 4-5 things and you are ready for InfoSec career.

And let me quote an "Eligibility Criteria" that a company gave on Null Jobs website, a while ago :

We don’t require a B Tech or BSc degree, but plenty of the team has them. We always look at capabilities and experience first.
Candidates with published advisories, tools, research papers, generally anything that can demonstrate you know your stuff when it comes to web and mobile applications will be preferred.

I guess this will help you and sorry I might have sounded rude at some places

[hackinglife]

Listen, on what basis companies should hire you?

You don't have any security-related certification CEH/OSCP (personally OSCP is much much better than CEH).

B.Tech is not important AFAIK for security-related jobs, but your skills in security will matter (not talking about running a few point-and-click tools). Then your online presence - exploits, tools, PoC, advisories and etc released by you.



There is nothing like "as recommended" thing for security, that if you finish 4-5 things and you are ready for InfoSec career.

And let me quote an "Eligibility Criteria" that a company gave on Null Jobs website, a while ago :





I guess this will help you and sorry I might have sounded rude at some places

no, you weren't rude at all, but you misunderstood some points as i didn't clarified them previously..
Yup i know B.Tech is not important, i mentioned it just to show that now i can concentrate 100% on finding a job and increasing my skills in this field, no more college intrusion now.. :P
And i know that completing python or CCNA modules doesn't mean i am an expert, i did them just to make sure that i can write some basic scripts or can understand the ports or firewalls, in all what all i completed was just to increase my knowledge in this field and has nothing to do with the job..
And i remember that B.Tech quote, it was from a company Security Brigade @ null jobs, yeah they were the only one who contacted me and i cleared all their 3 rounds, but didn't got a call after clearing the interview, god knows what happened..
The problem is i think that i don't have any certificates with me as you mentioned, so that's where my problem lies i think, even i prefer OSCP over CEH, but haven't seen much companies posting OSCP in their certs requirements, CEH is still prevalent for the jobs here, so if i do CEH, will then can i expect companies to contact me??

[c0dist]

Hi hackinglife,

Like you I too am a college student and will probably start job hunting, next year. You said that you completed Python and networking, and that

i did them just to make sure that i can write some basic scripts or can understand the ports or firewalls, in all what all i completed was just to increase my knowledge in this field and has nothing to do with the job..

Ability to write basic scripts or just knowing the definition wont help you in getting a job. I'd suggest since now you've completed basics, why not start developing your skills further? For Python, you could take the SecurityTube Python Scripting Expert « SecurityTube Trainings cert. Highly recommended. In networking field, you could do CCNA certification.

I personally feel that certs really don't matter much, but when you're looking for a job, they certainly add to your advantage.

After getting done with a language you're comfortable with (i.e. Python in your case) and networking, you can actually start digging into what your interests are. There're many options, like reverse engineering, web appsec, vulnerability analyst, security researcher, malware analyst, pen tester, etc etc. There are many options. Just start looking around and for the starters, try to learn as much as possible. When you'll be aware about the available options, things will come naturally to you.

And as for the job, start working on developing your skills, and keep posting what you're up to these days using blog posts, twitter or forum (whatever you prefer, I'd say all).
In simple words, Increase your online presence, as Prakhar pointed out.

Hope this helps. Don't hesitate to ask if I left anything.

Cheers.

[hackinglife]

Hi hackinglife,

Like you I too am a college student and will probably start job hunting, next year. You said that you completed Python and networking, and that


Ability to write basic scripts or just knowing the definition wont help you in getting a job. I'd suggest since now you've completed basics, why not start developing your skills further? For Python, you could take the SecurityTube Python Scripting Expert « SecurityTube Trainings cert. Highly recommended. In networking field, you could do CCNA certification.

I personally feel that certs really don't matter much, but when you're looking for a job, they certainly add to your advantage.

After getting done with a language you're comfortable with (i.e. Python in your case) and networking, you can actually start digging into what your interests are. There're many options, like reverse engineering, web appsec, vulnerability analyst, security researcher, malware analyst, pen tester, etc etc. There are many options. Just start looking around and for the starters, try to learn as much as possible. When you'll be aware about the available options, things will come naturally to you.

And as for the job, start working on developing your skills, and keep posting what you're up to these days using blog posts, twitter or forum (whatever you prefer, I'd say all).
In simple words, Increase your online presence, as Prakhar pointed out.

Hope this helps. Don't hesitate to ask if I left anything.

Cheers.

thnks for the input bro, yeah basic scripting isn't sufficient, i'll take a look into those securitytube tuts, but seems that they are paid..
And for the job, now i feel that certs are not only an added advantage, but a necessity, as almost all the companies that i have applied to ask for a security cert, except the one i posted above and cleared.. My interests are very clear from the beginning: Pentesting...
For online presence i had been thinking about the blog from a very long time, but still couldn't figure out that what should i post there?? i mean there's nothing innovational or new that i have done till now, all of which i practice is just there on the internet, on many sites and forums, my blog would just then be a copy paste of a data already here, this thing has always obstructed me from creating my blog..
Can you give some suggestions on how to increase my online presence??

[c0dist]

Hi,

Yes, Securitytube's Python videos require you to sign up for paid course. You can try searching "Google Python Class". Those videos are very good. Start with those then there are many other options on internet. As for blog post, there are many things you can post. Let me give you an example,

Say you're learning python. You come across a pretty good library named BeautifulSoup. You learn about it and come up with an good program. Now you can post that on your blog so others can learn from it and potential employers can see that you know how to code. Another example, say you're learning assembly and reversing. While reversing some code, you notice some different obfuscation method used by someone, post it. You cant find answer to a question, you can post it on forum. And many other things.

I dont write regular blog but check some of the blogs by Garage members,

1. Rahul Sasi a.k.a FB1H2S - Garage4hackers Forum - Fb1h2s aka Rahul Sasi's Blog - Blogs
2. Sandeep Kamble a.k.a [s] - root@sandeepkl337-ZH:~# _ A Bug Has To Be Fixed
3. Anantshri - Anant Shrivastava : Techno Enthusiast | My journey into the world of virtual reality.
4. Prakhar - Security.log
5. Nikhil Mittal - Lab of a Penetration Tester
6. Mine - RahulB's Blog | InfoSec n' All

Hope you'll have a clear idea after analysing above blogs.

Cheers.

[c0dist]

Hi,
I posted a long reply, but due to some strange reasons, it was not published but instead went to "moderator's check". So, will have to wait till it shows up.

Cheers.

[hackinglife]

Hi,
I posted a long reply, but due to some strange reasons, it was not published but instead went to "moderator's check". So, will have to wait till it shows up.

Cheers.

thanks bro, will wait for the reply, btw, i checked your blog in the meantime, it's really very good, you got some nice coding skills..

[41.w4r10r]

Freshers, try to understand the following scenario:

Most of the jobs in Sec field even do not come to job portals. The get filled by reference from some of their own employees. Especially, the jobs demanding experience from 0-3 years.

Now let say XYZ company asks his employee Mr. Rock, who has a good reputation in office, to get someone with 0-3 years of experience on board.

So what do you (freshers) think how he would approach?

First of all he'll try listing out all of the "deserving" fresh guys who are in touch with him or he knows are good. If he finds someone worthy looking for job, he would refer him for the opening.
If failed to do so, he'll contact all his friends who are into the same domain to check in their contacts to find someone.
If failed to find anyone, job would be posted on some job portal.

So the very important question is, how would Mr. Rock judge whether some one is good enough to perform the job or not?

Ans: The valuable presence of the fresher in the communities or forums which Mr. Rock frequently visits.
With the valuable presence what I mean is....show/share your knowledge politely on forums.
Let others see your arsenal
Let others see what you are capable of doing
Let others see how you interact with your peers
Let others see how you respect your seniors, peers and followers
Let others see your positive attitude and desire to learn new stuff
Let others see your passion for hacking and willingness to make Security as your career

If Mr. Rock doesn't see the above mentioned points, how would he come to know about the right candidate?

The scenario ends here and I believe I made my point clear.

With sharing you not only get in contact with good guys but directly serving the hackers community as well from where you learnt everything and for absolutely free!

So sharing is caring and an indirect help to your self.

Regards


(Copied post of B0nd from one of the thread on garage4hackers.)

Believe me this is very important as me and many members in this forum got their job this way only..
g4h admins and senior members eyes are always looking for good talent

[hackinglife]

Freshers, try to understand the following scenario:

Most of the jobs in Sec field even do not come to job portals. The get filled by reference from some of their own employees. Especially, the jobs demanding experience from 0-3 years.

Now let say XYZ company asks his employee Mr. Rock, who has a good reputation in office, to get someone with 0-3 years of experience on board.

So what do you (freshers) think how he would approach?

First of all he'll try listing out all of the "deserving" fresh guys who are in touch with him or he knows are good. If he finds someone worthy looking for job, he would refer him for the opening.
If failed to do so, he'll contact all his friends who are into the same domain to check in their contacts to find someone.
If failed to find anyone, job would be posted on some job portal.

So the very important question is, how would Mr. Rock judge whether some one is good enough to perform the job or not?

Ans: The valuable presence of the fresher in the communities or forums which Mr. Rock frequently visits.
With the valuable presence what I mean is....show/share your knowledge politely on forums.
Let others see your arsenal
Let others see what you are capable of doing
Let others see how you interact with your peers
Let others see how you respect your seniors, peers and followers
Let others see your positive attitude and desire to learn new stuff
Let others see your passion for hacking and willingness to make Security as your career

If Mr. Rock doesn't see the above mentioned points, how would he come to know about the right candidate?

The scenario ends here and I believe I made my point clear.

With sharing you not only get in contact with good guys but directly serving the hackers community as well from where you learnt everything and for absolutely free!

So sharing is caring and an indirect help to your self.

Regards


(Copied post of B0nd from one of the thread on garage4hackers.)

Believe me this is very important as me and many members in this forum got their job this way only..
g4h admins and senior members eyes are always looking for good talent

+1 to that, though i literally feel bad now, it seems that i wasted too much time on just practicing, reading and sleeping...
never shared, have almost 0 references with me right now, and feeling that i am now too old for this, i should've started this much earlier...
but it's never too late to start, i should probably now start working on something new and start building up my presence, let's see where to begin..