2

Context: I am twenty and I am a high school dropout. I have a basic working knowledge of software development, penetration testing, vulnerability research, reverse engineering and exploit development. I also have one year of experience as an external contractor for a small IT business - contract that I got responsibly disclosing bugs in their software with them and not through a traditional interview - and a small number of uninteresting CVE numbers.

I am unsurprisingly struggling searching for a job. I know of many working in infosec without a degree, but no one without a high school diploma. Is it even possible? Would a certification - such as OSCP/OSCE or even CEH (which I know to be a well known joke among professionals, but seems to be appreciated by employers) - compensate for the lack of formal education?

I was said that publishing independent research and exploits can be useful, and I am already doing it, though I am not skilled enough to find the type of bugs and write the type of exploits that open the doors I am trying to get in.

How can I prove my value to potential employers in the short run?

0x41
  • 23
  • 2
  • This is off topic and will probably be closed. But yes, obtain a CEH and Security+. It will help you get your foot in the door. – pm1391 May 01 '18 at 04:38
  • 2
    This is not only off-topic but is missing essential information. What kind of education is needed for which kind of jobs depends on the capabilities you already have and can demonstrate (usually both technical and social), on the situation at your local job market (are better educated people available or rare), on cultural aspects of the society you live in (is formal education expected, are drop outs accepted) and probably more aspects. Many of these aspects are specific to your situation and are unknown to us. – Steffen Ullrich May 01 '18 at 05:02
  • Get a LinkedIn profile and shout about your achievements/bounties. You only need the one big job and the rest will follow. –  May 01 '18 at 08:52
  • @SteffenUllrich the security industry is almost non-existent in my country. I want to get a job in the US/UK/Europe. – 0x41 May 01 '18 at 09:25
  • @0x41: I have no idea where you currently live but in US/UK/EU you usually cannot get a real job without an appropriate working permission. And unless you already have one you usually only get it if you can show that you have special knowledge where they cannot find enough in their own country. Having dropped out from school will very likely mean that you don't get this special status unless you are much better than most. – Steffen Ullrich May 01 '18 at 10:34
  • @forest And you have stated your opinion as well. They are not bad. With zero education, they will absolutely help you get some lower level interviews. Especially in the government sector. I work with gov't agencies where all they look for is a CEH – pm1391 May 01 '18 at 11:22

1 Answers1

3

It greatly depends on where you live and what your expectations are. If you are looking for a penetration tester job, yes you will have a chance. The field is in general very understanding for one's past but you will have to prove yourself very often prior getting hired by solving some sort of challenge. Some companies even offer internships. With regards to the mentioned certifications, I would suggest you do the OSCP. Forget about CEH. I even know people who sort out your CV and not return to you if you list it! It has a bad reputation.

My advice for you:

  1. Reserach the pentest companies where you live and if your countries market has a specific preference for a certification
  2. Join DEFCON, OWASP chapters in your area
  3. Attend conferences - especially smaller ones, don't bother Las Vegas for now, that are close to you and start networking!
  4. Write blogs, read blogs, blog! Make yourself a profile
  5. Network, Network, Network You're more likely to land a job if you get internal referral in your position. But you also have chances without.

Good luck and welcome to the most amazing industry on this planet!

Tree
  • 54
  • 1
  • @forest absolutely, I could have been more clear. Many great pentesters that I know have no certificate at all. – Tree May 01 '18 at 09:38