17:28 <penguin_> hi lattera17:28 <penguin_> you seem to know about the market

1. 17:28 <penguin_> hi lattera
2. 17:28 <penguin_> you seem to know about the market
3. 17:28 <penguin_> wanna help me a bit with finding the right course?
4. 17:29 <lattera> I think what livinded and I both suggested were good routes to go
5. 17:29 <lattera> get your Security+, get your foot in the door by getting hired at a small company or startup
6. 17:29 <lattera> write papers, contribute to opensource pen testing tools
7. 17:29 <lattera> do presentations
8. 17:29 <lattera> eventually get your CISSP
9. 17:30 <penguin_> i can't get through i ve been trying for years
10. 17:30 <lattera> what have you been doing?
11. 17:30 <penguin_> i worked on an intermship
12. 17:30 <penguin_> with some company, but i did not benefit from that
13. 17:31 <penguin_> now its really hard to get a job in security
14. 17:31 <penguin_> i got friends who graduated from sans.edu
15. 17:31 <penguin_> and they got some top jobs, when they previously had nothing to do with security
16. 17:31 <penguin_> just because of their postgrd degree in information security
17. 17:32 <penguin_> no experience even
18. 17:32 <lattera> they likely either knew someone there or just got lucky
19. 17:32 <penguin_> im a programmer
20. 17:32 <lattera> I lost my job as a security analyst, now I'm working as IT support
21. 17:32 <lattera> but the company is already looking to switch me over to security
22. 17:32 <penguin_> that happened to me aswell
23. 17:33 <lattera> so a lot of times, it's just getting your foot in the door, even if it's not for the job you're looking for
24. 17:33 <penguin_> its a really tough market
25. 17:33 <penguin_> working in IT Support, i realised that they use you, and then kick you outta the door
26. 17:33 <penguin_> they promise you stuff
27. 17:33 <lattera> nah, this is different
28. 17:33 <penguin_> but they never comply, they just keep you on the line (companies)
29. 17:34 <penguin_> yea perhaps
30. 17:34 <lattera> my employer is rapidly expanding
31. 17:34 <penguin_> i would say find a bug on his website, and show it to him
32. 17:35 <penguin_> lattera
33. 17:35 <penguin_> is there such a job as a security analyst then
34. 17:35 <lattera> yup
35. 17:36 <penguin_> and whats the purpose of an information security analyst
36. 17:36 <penguin_> or risk analyst
37. 17:36 <lattera> find vulnerabilities, exploit them, and if requested, patch them
38. 17:36 <lattera> at least, that was my job
39. 17:36 <penguin_> thats a researcher
40. 17:36 <penguin_> security research
41. 17:36 <penguin_> e.g: secunia
42. 17:37 <penguin_> i can help you get a good job in security if you want
43. 17:37 <penguin_> if you are as good as you say
44. 17:37 <lattera> never said I was good ;)
45. 17:37 <penguin_> heh
46. 17:37 <lattera> but I do consider myself pretty decent
47. 17:37 <penguin_> hm
48. 17:38 <penguin_> why not make your own then ?
49. 17:38 <lattera> make my own company?
50. 17:38 <penguin_> yea
51. 17:38 <penguin_> create opportunity for yourself
52. 17:38 <penguin_> if opportunity is not there
53. 17:38 <lattera> because you need contracts, you need contacts, you need a lot of stuff
54. 17:38 <lattera> stuff I don't have
55. 17:38 <penguin_> i can help you build it
56. 17:38 <lattera> and time I don't have to invest in gaining that kind of stuff
57. 17:39 <penguin_> keep the it job
58. 17:39 <penguin_> get the money
59. 17:39 <penguin_> and make something which is gona be yours
60. 17:39 <penguin_> i am very experienced in pen testing
61. 17:39 <penguin_> but very unlucky
62. 17:39 <penguin_> ;)
63. 17:39 <lattera> I'm kinda confused... you say you can't get a job in security, yet you claim to be able to help me start a security company?
64. 17:39 <penguin_> i can't get a job because im not lucky and lack qualifications
65. 17:39 <lattera> and you can provide contacts, contracts, etc.
66. 17:40 <penguin_> but im very good at it
67. 17:40 <penguin_> yea
68. 17:40 <penguin_> this is what you need : a website
69. 17:40 <lattera> so if you can provide that stuff for me, why can't you provide it for youself?
70. 17:40 <penguin_> marketing
71. 17:40 <penguin_> cause the works its too much for 1 person
72. 17:40 <penguin_> work load
73. 17:40 <lattera> I don't really do business with people I haven't met in real life, anyways
74. 17:41 <lattera> at least, as far as this kind of stuff is concerned
75. 17:41 <penguin_> yea i know its hard
76. 17:41 <penguin_> im on the same boat
77. 17:41 <penguin_> heh
78. 17:41 <penguin_> this is how it works
79. 17:41 <lattera> there's no reason for me to trust you, you'd have to come to defcon, I'd have to meet you, etc.
80. 17:41 <penguin_> im not in the us
81. 17:42 <penguin_> i could be your point of contact
82. 17:42 <lattera> there are a lot of people who fly in from other countries to go to defcon
83. 17:42 <penguin_> they aint that good to be worth it
84. 17:42 <lattera> I don't start businesses with people I don't know
85. 17:42 <penguin_> heh
86. 17:42 <penguin_> its just some gerontics
87. 17:42 <penguin_> who do over and over the same things
88. 17:42 <penguin_> well you ve tried to help me a bit
89. 17:43 <penguin_> so my advice to you at the moment is: 1. keep the it job and get the money
90. 17:43 <penguin_> 2. you can invest it or save for later and start your own company
91. 17:43 <penguin_> 3. things you need: to be quick and efficient
92. 17:43 <penguin_> hows that done? automated tools msf is good
93. 17:44 <penguin_> you don't need 0day exploits, its different from blackhat
94. 17:44 <penguin_> and you do research and get known
95. 17:44 <penguin_> post vulnerabilities, and people will learn about the company
96. 17:45 <penguin_> are you here?
97. 17:45 <penguin_> :)
98. 17:45 <penguin_> the point is to mix with the right people