Information security positions, are there any?

category: offtopic [glöplog]
Hey there, demoscene!

Knowing that there are many IT professional among demosceners, I come to you for guidance.

It happened so that for the past couple of years, having a computer programming education and background, I got interested in information security. On one hand, I feel like I've learned a bunch over the past 2+ years, on the other hand, when I look at how much more there is for me to read, learn and practice, I realise my skill level is merely that of a novice.

So for the past two and a half months I've been living off the remainder of my last job's salary and bonuses, reading one book after another, trying to get my skills from the amature level to that somewhat closer to a professional penetration tester's level. So now I'm in need of a new job and this time I'd like to get one I really care about, the one I've already been kind of "having" as a hobby, without being payed a dime, for the past 2 years, "working" late evening and during the weekends.

What I'm looking for is a position allowing me to pay for food and rent and carry on my learning and research, without being completely juiced out at a totally unrelated primary job.

You can find my resume following the link: https://docs.google.com/file/d/0B9l--BfSVgKbc0VBcnByanFWZnc/edit?usp=sharing

I'd be highly grateful for any help or suggestions on where I could go to next with such resume and if I should try at all.

I'm just wondering if a person with such skills can, via legal ways, make a living. I know there are penetration testing professionals in the western countries, but in Ukraine penetration testing is unheard of.

Thankful in advance for any help provided.
added on the 2013-04-19 11:01:18 by RRROAR RRROAR
I heard that the German government is looking for security experts for their "cyberwar" troops.
added on the 2013-04-19 11:10:49 by Adok Adok
app testing / security / penetrationtesting is a growing market this part of the continent...

(read - isnt outsourced to asia yet)
added on the 2013-04-19 11:13:54 by franky-- franky--
As a pointer for finding more people already in (net)sec http://www.reddit.com/r/netsec
added on the 2013-04-19 11:28:52 by mog mog
Would you be willing to relocate to another country?
Most companies of a certain size, are able to assist new employees in finding appropriate appartments/houses, but it's pretty essential to your options if you're willing to relocate or not. Frankly, I doubt you'll find a tsunami of companies working in that particular line of trade, that would allow employees from other countries unless they relocate to the country of the company. That said - some of the large companies have offices in several countries, making the options a bit wider.
added on the 2013-04-19 11:53:32 by Punqtured Punqtured
I know a few sceners who work as security consultants.
added on the 2013-04-19 12:37:56 by Gargaj Gargaj
Hey RRROAR, I'm a consultant with Accuvant LABS ( http://www.accuvant.com/capability/accuvant-labs ). Looking at your résumé, it looks like you might be a good fit for one of our teams. Mind if I forward it over to a couple people? Good luck!
added on the 2013-04-19 12:47:24 by Daeken Daeken
You can now even get certified as an ethical hacker for stuff like this... Google CEH certification :)
added on the 2013-04-19 12:53:12 by BoyC BoyC
Not sure if that was intended as a joke or not (it certainly is in the security industry), but just in case: please, dear god, don't buy into the CEH scam. It will get you absolutely zero opportunities; no company that actually practices these things gives it even an ounce of credibility.
added on the 2013-04-19 13:04:54 by Daeken Daeken
@Punctured, being able to relocate to a different country is the sole reason why I started learning english 4 years ago :)

@Gargaj, is there a chance for me to come in touch with them?.. i'm available for contact at vladimir.freelance weird_a gmail.com

@Daeken, sure, I'd highly appreciate it! I've sent you the PDF version of the resume to the email posted on your blog. Additionally, I could send a report I wrote after conducting a security audit for a website. It's 18 pages of text in Russian but if it's desired, I could translate it.

@BoyC, I've heard of CEH but never really gave it much attention. I've known about different certifications from SANS institute but with prices nearing 5 thousand dollars per each certificate, which there are more than a dozen, it's fairly inaccesible to a citizen of Ukraine (and with such price tag, not only Ukraine I assume :) ).
added on the 2013-04-19 19:00:19 by RRROAR RRROAR
RRROAR: you just did a few posts above ;)
added on the 2013-04-19 19:49:15 by Gargaj Gargaj
@Gargaj, okay, thanks :)

Anyway, it's not that I've got any rejections by now while trying to apply.. The problem I seem to have is that I don't know where to send my resume. I really don't mind moving to anywhere in Europe or the English speaking world (the US, Canada, Australia, New Zealand) so I looked through job ads in London City. They all seem to have requirements like experience with working for large corporate entities or with some specific ISO standards.

When experience with "large corporate entities" is not what I can currently boast, I can easily acquire any additional skills, like ISO knowledge. Some people can sing beautifully, some can dance graciously, some can fart louder than most. And I can learn fast. Like, really fast. (being mathematically inclined/sucking at languages, it took me slightly under two years of learning English to place 4th in a nation-wide student English competition).

Given this, what should my approach be? Should I try my luck sending applications/resume to just every anyhow IT-sec related company I can find online, even though I don't quite match the requirements, or is there anything else left I should try first? Thanks!
added on the 2013-04-23 13:14:45 by RRROAR RRROAR
You should figure out business/location and apply within.
Don't try to grow too quickly ;) be sure what your dream job is, and act upon it by gaining enough experience to really be suited for that job. That includes taking other jobs for the time being. That's my advice.
added on the 2013-04-23 13:36:14 by xTr1m xTr1m
rrroar: most employers are looking for somebody with both skills and experience, so they can walk into the job and get working without training etc. This is why they're asking for certain experience, they want somebody already in the industry.

However, sometimes teams expand, or the budget is too small but they want more help, and there's a space for somebody junior. So don't give up, but don't expect to see many jobs like this too ;)

Best approach is probably to apply for any jobs where you meet some of the requirements, but lack experience. Write a letter with your CV explaining your situation, and just tell them that while you lack some skills / experience, you'd accept a lower pay amount and you would expect to acquire skills + experience quickly.

Most will say no of course, but if they don't get anyone suitable for the job they might contact you. Or they might have another position later, and remember you, or pass your CV to somebody else.

If there are jobs in the right field but way past your level, don't apply but send your CV + covering letter, in case they have any other jobs or are considering it soon.
added on the 2013-04-23 15:15:13 by psonice psonice
I have worked in this field for 15+ years, none of our staff have experience in the field before joining as each products and marketplace needs its own special knowledge.

We have a particular distaste for 'security consultants' 'pen. testers' and have had bad experiences with some.

Over specialisation in one area or another isn't a good thing, adaptability and the ability to learn is so thats a really good thing IMO and something a good prospective employer should pick up on.

If you're looking the UK, What about registering with a recruitment agency and putting yourself out there on a site like LinkedIn.

added on the 2013-04-24 12:00:59 by Canopy Canopy
I sent you a message to your gmail address (the one mentioned in your resume), but I didn't get a reply, it's been quite a while.... Did you read the mail? :)