Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!
Any advice on requirements to have a shot at appsec jobs?
I have my sec+ and my job is devops. We do everything in AWS (no on prem at all). However I have no actual cyber experience. Our team is pretty small, so I do as much dev as anyone else and as much ops as anyone else (deploying/managing cloud infrastructure), including standard security stuff like IAM and network configuration. It’s also a small unknown company.
Is this enough to try and directly break into appsec, or do I need to start with another “cyber” role like SOC analyst or security engineer or something like that? I also plan on getting my OSCP at some point soon if that’s relevant.
Hard to give you a definitive answer on this one. I’d say you’d be hard-pressed right now to pull that off without a direct referral or other networked way-in. Job market is condensing, lots of (experienced) out-of-work folks looking for new roles, etc… If you aren’t already in infosec, or you’re not a full-time dev with some security knowledge, it will be tough. Your best bet (roughly) on things to add to your skills/portfolio would be…
- Proficiency with one or more languages that your target role company uses (and evidence of this XP)
- In-depth knowledge of OWASP “stuff” (Top 10, ASVS, etc…)
- Practical XP with attacks/exploits (via experience, CTFs, trainings, Web Security Academy, etc…)
- Some applicable certs
Some other stuff you might find useful…
Thanks!
Do you happen to know what certs would be most “applicable” in this case? Something like OSWE?
