How To Gain Infosec Experience Without An Infosec Job

Want to find a job in infosec but lack the necessary experience? Check out Alessandro Innocenzi's guide to earning that experience in pentest labs, sandboxes and bounty programs.

How To Gain Infosec Experience Without An Infosec Job

If you want to work in the security world but you have no experience on your resume (for example you have worked as developer or system engineer in different fields), it can be very hard to find a job in this field. But do not despair, below I outline a number of ways you can go about gaining some real experience without being hired first!

Many famous e-learning websites (such as PluralSight or LinkedIn Learning), or specific websites like Hacker101, have very interesting and well structured courses about networking, development and security, with which you can learn a lot.

After these courses, you can try to take certifications (for example the CompTIA Security+ or the C|HE), but some certifications require a deep practical knowledge (take a look to the OSCP).

But… How can you study and improve your skills if you don’t have the chance to do it in your actual job rule?

The best way is to use a Penetration Testing Lab.

Hack The Box welcome message.Hack The Box welcome message.

Penetration Testing Labs

Penetration testing labs (or pentest labs) are environments created to learn and improve the penetration testing skills, they are usually composed of a single client or server (accessible online or available virtualized ready to download) or a network of clients and/or servers (accessible via a private VPN) with different levels of vulnerability. You can start with simple common security problems up to complex scenarios to solve using a mix of attack techniques.

Here some interesting pentestlabs (description from their official websites):

OverTheWire: The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games.

Exploit Excercises: exploit-exercises.com provides a variety of virtual machines, documentation and challenges that can be used to learn about a variety of computer security issues such as privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering, and general cyber security issues.

VulnHub: The aim/goal is to provide materials that allows anyone to gain practical ‘hands-on’ experience in digital security, computer software & network administration.

There are many pentestlabs, both free and paid, but I think these are very good to start with.

Not only for experience

There are pentestlabs where you can compete with other hackers on different challenges to climb the ranking.

HackTheBox is one of these, where you also have to hack the invitation page!

Usually we can see write ups about capture the flag (CTF) challenges, with which we can study and learn new techniques to solve some problems. HackTheBox, like others labs with a ranking system, ask you not to share the solutions about their challenges.

Ok, now your question is:

Why do I have to compete with others and not share my experience and solutions as an Ethical Hacker to growth all together?

Because the ranking in this case is also used to find a job. Imagine that everyone knows the solutions and that the ranking is the same for everyone, your expertise (and also that of others) would be diminished.

Road to the Bug Bounty Hunter

We have practiced with pentestlabs, we’re climbing the HackTheBox ranking, ok, maybe we’ll find a job but in the meantime we also want to make money with our new skills. How to do?

According to Wikipedia:

A bug bounty program is a deal offered by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities.

Some hackers make tens of thousands of dollars hunting bugs and vulnerabilities, mainly through bug bounty platforms.

HackerOne is one of the most famous, where companies like Intel, Rockstar Games or WordPress start bug bounty programs with specific rules such as reporter requirements, eligible reports, rewards, scope, etc.

You can create an account and start to hunt and report real bugs and vulnerabilities on websites, IoT, mobile apps, API and so on earning money!

In the end

As a newbie in security field, I’m always looking for new challenges to study and learn new things. My imperatives are “practice!” and “hands-on!”, because without them you can’t evaluate your knowledge and improve your skills.

I hope these imperatives are (or will be) yours too! Make sure you write up everything you do and publish it through Secjuice.com, it will help build your communicatiion skills, help you explain your work to others and raise your professional profile as an operator in our space.

Main Image: Coding Laboratory by Valentine Kirilov