Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

How to transition from developer to IT Security professional


  • Please log in to reply
6 replies to this topic

#1 ebruner

ebruner

  • Members
  • 2 posts
  • OFFLINE
  •  

Posted 18 May 2017 - 04:00 PM

Hello, 

I am looking for advice.  

 

I am a web/mobile developer with ~ 15 yrs experience.  I am thinking of moving away from development and into IT Security, but I don't know where to start.

I have a BS CompSci.  In 2004, I completed a Graduate certificate in CyberSecurity just for the fun of it.

I'm thinking that I might want to take a class (online?) to freshen up my knowledge.  Any suggestions?

Also, considering the different branches of CyberSecurity...which would be a good career path for a former developer?

 

I appreciate your comments.

Ed


Edited by hamluis, 18 May 2017 - 05:26 PM.
Moved from Gen Security to IT Certs/Careers - Hamluis.


BC AdBot (Login to Remove)

 


#2 JohnnyJammer

JohnnyJammer

  • Members
  • 1,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:QLD Australia
  • Local time:04:45 PM

Posted 18 May 2017 - 05:09 PM

personally i would say look at some cisco courses, then there is also some great cbt nugget videos on wire shark which along with cisco will help you strip packets down to the absolute and then look for exploits.

The i would be looking for languages like ruby, python, c++ to create exploits and bench test.

 

Others may give other advice but thats where i would start mate.



#3 dantose

dantose

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:03:45 PM

Posted 23 May 2017 - 05:40 PM

Hello, 

I am looking for advice.  

 

I am a web/mobile developer with ~ 15 yrs experience.  I am thinking of moving away from development and into IT Security, but I don't know where to start.

I have a BS CompSci.  In 2004, I completed a Graduate certificate in CyberSecurity just for the fun of it.

I'm thinking that I might want to take a class (online?) to freshen up my knowledge.  Any suggestions?

Also, considering the different branches of CyberSecurity...which would be a good career path for a former developer?

 

I appreciate your comments.

Ed

I'm doing classes through Western Governors University. They are an online non profit school. The cool thing is they charge a flat tuition rate by semester of $3000 for graduate schools (not sure off the top of my head for undergrad) and you can take as many classes as you want. It's self paced too, so if you can pass the test day one, you can test out of classes. If you can do an assignment without reading the course material, you are free to work as fast as you want. The course I'm in also has the CEH and CHFI certificates.

 

If you're looking at certs securty+ is a good starting point, then maybe CISSP and CEH.

 

Skill wise, grab a copy of Kali linux and just start messing around on your own network. 



#4 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:45 AM

Posted 24 May 2017 - 12:45 PM

You can get results faster if you build on your developer skills.

 

Which technologies do you use as a web developer? PHP, .NET, ... ?

 

Have you ever heard of OWASP? https://www.owasp.org/index.php/Main_Page

In which country are you located?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#5 Smsec

Smsec

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:45 AM

Posted 07 June 2017 - 06:38 PM

There are some great courses on ethical hacking web apps by Troy Hunt on Pluralsight.com. He's a well respected developer and app security expert.



#6 egjk

egjk

  • Members
  • 23 posts
  • OFFLINE
  •  

Posted 16 June 2017 - 01:10 PM

I think that, as others have suggested, your background is suited to penetration testing, probably specifically web app penetration testing! I second the OWASP recommendation. I recently went to a conference and attended this workshop 'Web Hacking 101' and you can find most of the slides and information here:

https://www.peerlyst.com/posts/bsides-2017-writeup-talk-and-slides-porthunter?trk=profile_page_overview_panel_posts

https://bsides.sh/slides/WebHacking101/assets/player/KeynoteDHTMLPlayer.html#0 (direct links to the slides)



#7 ebruner

ebruner
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  

Posted 22 June 2017 - 11:39 AM

I'm hesitant to respond to this thread in fear that the great advise will stop.  Please don't.  I live in Philadelphia.  As of right now, I'm leaning toward OWASP & pen testing.  The comments about using my current experience are common sense.  I looked up my local OWASP meetup only to find that they just had one and won't be another until December :o

Perhaps, I can look into Delaware's chapter or NYC.

Cheers, 

Ed






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users