So my "entry path" was through customer support actually! I stumbled on an job ad. I was searching specifically for support jobs as my "plan" was to get in support. By starting in support, it enabled me to get a better knowledge of how things worked inside the company so that I could lay out my next steps. As you may assume, tech companies work very differently than other traditional jobs!After about a year of being in support i managed to gain enough knowledge about our product to fully understand it. Came a point where the company's security department hosted a CTF and I knew this was my time to shine :) I ended up winning it and that's how I got my foot in the door so to speak. The security manager now knew my name a and that I had some skills so that's when I started pushing more into showing interest in that field. After a few weeks of getting to know the security team better and showing active interest into security (even from within the security department), I applied internally and got the job!!

Tryhackme has been an incredibly great starting point. From there Udemy was also a great source of knowledge to learn stuff more in-depth.

I didn't have any when I applied for the job. I'm currently working on both my Sec+ and OSCP for compliance purposes :)

I personally think I'm paid very well but I know some countries tend to be more cheap on security analyst salaries for whatever reason.

Where I currently am based, I'd say you could live decently (if living with your significant other) on ~50K. I'm currently paid 90K and I'm on the "high-end" of the typical entry-level pay.

I have to start by stating that I do not work for a security company, I work as a pentester for a tech company.

The company which I'm working at is very active on preemptively detecting CVEs (with tools like Snyk for example) in our dependencies so Metasploit doesn't really fit the kind of pentests we typically. Most of our products are either built in-house or heavily scanned before being deployed. I do however use tools that are a little more focused on certain aspects to do my reconnaissance or to catch reverse shells when it comes to it like Burpsuite, Pwncat, Feroxbuster, etc..

In terms of findings CVEs, since I only do research on our own product, I don't really "find CVEs" which will get indexed into the CVE databases. I will typically find flaws that will get patched before reaching production or that will quickly get hot-fixed.

I have to say what I enjoy the most is the cliche "I'm in" feeling. It's usually very hard to find serious vulnerabilities in well designed product but once in a while you'll find a very unique or odd way of making something do something it's not supposed to and it's an insanely satisfying feeling :) I am also a staunch believer that what I'm doing is "for the greater good".

Oh and I do create exploits but typically they are very specific to the use-case and wouldn't be very useful in the wild. I do however work on some internal projects that should be made open-source at some point but they are typically more recon centric.

I will typically try and reach out in multiple ways to the company to initially let them know of my findings. I will search for a `.well-known/security.txt` or an official security team email. If I can't find anything, I'll try and reach out directly to people via their work email. I will then wait a couple of weeks and try to reach out once more but this time broadening my "scope" even more (sending emails to more people and repeating those I've sent initially).

If after a few weeks/months, I will try and reach out via public channels to the company (twitter, facebook, instagram).

I have yet to fail to reach out to a company (gladly) so I have thankfully never had to weigh the pros and cons of exposing a vulnerability publicly for the "greater good" of the community so I can't really say what I would do if all channel of communications failed.

It's probably one of the first tools when I don't know what's running on a given server! Such a useful tool for initial recon!

In terms of actual exploits I've come across an unusually high number of debug werkzeug consoles that were publicly available via a "staging" subdomain (ex: staging.mywebsite.com). The pin authentication can be relatively easy to bypass in certain circumstances essentially giving an attacker direct access to the machine to run malicious commands.

It's not an exploit per se, more of a security issue but I often find secrets that are accidentally public. By secrets I mean API keys, AWS access keys and stuff like that. Put into "wrong" hands (depending on the privileges the key has) it can lead to disastrous results. I've done so multiple times especially when it comes to something I've found on one of our clients websites.

Another one which isn't much of an exploit but more of a widespread bad practice is phishing resilience. A LOT of companies don't take phishing exercises seriously despite most of the recent cyber attacks using them as an entry point into a company's systems.

What a great question! I would say the first things I would recommend learning is Linux in general. It's widely used and an industry standard when it comes to running something on server. A lot of pentesting tools are also designed to run on Linux so one way or another, you'll have to learn you way around a terminal. Tryhackme has a great Linux/Unix terminal learning path for free (iirc).

Secondly, try to understand the basics of programming. Python and Javascript will come very handy for automating simple tasks/scripts. It's also very important to be able to read code to better understand what's going on under the hood. Codecademy and Freecodecamp are great ressources for this!

Third, I'd recommend knowing the basics of network protocols. Udemy is a great ressource for that type of stuff. Understand the HTTP protocol, getting a rough idea of how TCP/IP works, etc.

After entering as an apprentice, work on making yourself processes for when you'll be pentesting. Take notes on what was successful, what was not and you'll eventually start seeing patterns of things that come up often. This will be the stuff you'll wanna start working with when going on a new engagement as they'll often be your entry point into a more serious security flaw.

I didn't have a perfectly straight learning path but something in the lines of:

Learning linux -> Learning the common network protocols -> Getting some solid bases with a couple of programming languages (in my case python, golang, js) -> getting some experience with various tech stacks by running stuff on my homelab -> competing in various CTFs and gathering exploit knowledge through that -> bunch of online classes on security basics

I work for a company! I'd say tech is a perfect place to come in without a degree. A lot of companies would rather hire someone who's good (however they got good) than hire someone purely because of their degree. You obviously may have to grind a little more and try to make yourself shine but that's the hardest part. The second you got your foot in the door, you can officially put you're a security analyst and a bunch of doors open :)

If there's a will there's a way! The path to making it may be a little wavy and tiring (you'll doubt yourself, you'll fall into tutorial hell and have trouble getting out of it, etc..) at times but when you get into the industry it's very worth it imo.

Oh and I almost forgot, keep track of what you've achieved! It may not look like much, but showing you not only "know" stuff but have also managed to apply it is a great way to show you've got skills.

1. I'd say JohnHammond, TheCyberMentor and XssRat are great starting points on YouTube. Network chuck also has some interesting linux videos.

Before getting into hacking per se, get to know your way arround linux as you will be using it a lot. Tryhackme has an amazing Linux track.

2. The majority of the job is typically either at tech companies (not necessarily IT, in my case I work for an AI centric company) or working as a contractor for a bigger security audit company (cobalt.io for example)

3. Your AD experience will be priceless. Especially if you specialize in network pentests. In terms of time, kinda hard to say. You can either grind your way through being very good and "showing what you got" or you can start collecting certifications. I sadly couldn't really give a time frame because it can change so much from one person to another. If you can get your Sec+ and your OSCP with prior networking knowledge (AD for example) you should be good to apply.

Great question! I say I must've started poking arround at something like 15-16.

It kinda depends really as there are many external factors and it kinda depends on the free time you have and the speed at which you progress. I'd say maybe a few years if you're only learninf on the weekends. But it also heavily depends on finding a company that's open to someone with no prior cert/diploma

So this is a tricky question. Where I'm from you'll either make a crapload of money by going welding in mines or you'll be poorly paid if you want to work not too far of the city.

In my case I couldn't go work in mines. After 7 years as a welder I barely made more than someone who worked at McDonalds. Odds are this answer is completely useless if you're in another country tho. I (think) there's decent cash to be made in the US.

I think you may be a great fit! Offensive cybersec more specifically really needs you to think out of the box and this is typically where hardware folks excel as we usually often need to think out of the box when trying to fix a big mechanical problem. You can't just "reprint" that big gear with a broken tooth lol

I would say start somewhere like Codecademy or Freecodecamp. Also, once your fluent enough, try to automate some small tasks you think are annoying to manually so. Small projects will teach you the most!

Your welds will be crap in the beginning and it's normal. Don't get discouraged.

Pay very close attention to what is going on in your weld puddle (the part of the metal that's in fusion while welding it) as it will give you every detail you need to know if you're moving too fast/slow and if your settings are correct.

Always get comfortable! This is very important. Welding is nearly all about steadiness (to get a good looking weld) so make sure you're always comfy before laying a bead.

Wear coton clothes. You will catch fire and it's ok, you just don't want anything melting on your skin.

Avoid staring at someone welding without your helmet on. Getting a flash is not joke.

And finally, have some fun!! Especially if it's as a hobby. If left the welding world because of the industry but it is an amazing hobby of which I'm still in love with :)

I'd say they make me heavily cringe but I don't really care about it tbh it's not like they have an actual impact and most of the time they end up "dos-ing" themselves lol

I would say yes. The good classes I bought were under 100$ and typically included exercises and had great lectures.

1. Always a tech person! Always loved messing with various computer related stuff and getting my hands dirty to see what more I could do with X,Y or Z. Or trying to host a website just to "see how it works" and stuff like that.

2. It was rough to be honest. This image describes it best. You start to learn bits and pieces to the point where you can glue stuff up but don't quite understand it. Then comes the point where you start to understand it and you realise just how much you actually understand jack shit lol

It was mainly a process of "uh, I wonder how to do this. Let's try!" and then being exposed to more stuff I didn't know and trying to learn about those too. Mainly through YT, various tutorials and reading solutions to some Capture The Flag challenges.

3. I don't as of now but I'm working on it. Sec+ and OSCP are kind of industry standards despite them not being super up to date. HR will typically look for those. To actually "git gud" tho I recommend the PNPT.

4. As stupid as it sounds, having a good Google-Fu will take you places. Just show how fast you can learn and how much you're willing to do it. Showing some knowledge about linux, saying you have a homelab and stuff like that can help as it shows hands on experience. If you won a prize at a CTF that's also a good to know.

5. Not familiar with NCL sadly. And I'm not familiar enough with the SOC analyst role to be comfortable giving you advice sorry :(