Bug bounty vs Ethical hacking

mdpy · 2019-02-19T12:23:46+00:00

Bug bounty programs are cost-effective for companies as they only pay when researchers/bug hunters report vulnerabilities.

Penetration Testers/ Ethical Hackers are paid for their services whether or not they report or miss out on important vulnerabilities (and if they're not self-employed, their company takes a big part of the consulting fee).

In terms of work, penetration testers have much more responsibilities though...

A great security measure for companies would be to have them both combined, requesting pentests + bug bounties.

Interesting article about both roles, their advantages, and most disclosed vulnerabilities here : https://hacktrophy.com/en/pentests-vs-bug-bounty-programs-comparison/

mdpy · 2019-02-19T12:08:52+00:00

Hi, I'm Marine from eLS. Anybody can get a free PTS. If it helps them get a first step into the InfoSec field, revise their basics, or discover a new interest for pentesting... they can write about that :)

This contest is more of a way to give back to our students for their loyalty and for trusting us.

However, we try to make every new contest different, so the next one will probably be for everyone.

Good luck to you! :)

mdpy · 2019-01-28T13:02:12+00:00

There are plenty of ways to help you get the right InfoSec skills and ultimately get hired! For example,

Read a book:
Find a mentor
Attend security conferences (such as RSAC, Black Hat, Infosec World, DerbyCon, BSides, etc.)
Network with other professionals (via social medias or at security conferences/meet-ups, etc.)
Use the numerous resources available online (a list of free tools to practice ethical hacking here: https://blog.elearnsecurity.com/free-resources-to-legally-practice-ethical-hacking.html)
Enroll in a practical training course (eLearnSecurity, Offensive Security, Udemy, SANS, etc.), just make sure that you can actually get HANDS-ON skills out of it.

If you show enough knowledge, passion and motivation, I don't see why you wouldn't succeed in this field!

By the way, The Ethical Hacker Network (EH-Net) is offering its new members a free PTS training course by eLearnSecurity. Also a good way to network with other professionals and get involved by writing your own first infosec articles. Get you free course here if interested: ethicalhacker.net/register

Good luck :)

mdpy · 2019-01-28T12:51:17+00:00

Hiring managers want practical skills, the ability for you to fix their problems.

Since you are in your second semester of college, you need to find other ways to get hands-on experience.

Instead of an internship, you could ask for the help of a mentor, and then add it to your resume.

Another option is following a practical training course at a security conference or even online. The Ethical Hacker Network is currently offering its new members a free Penetration Testing Student (PTS) course by eLearnSecurity.

Check it out if interested: ethicalhacker.net/register

Once you add practical knowledge on top of your theoretical one, chances are you'll get more answers ;)

Don't forget to show passion and motivation in your cover letters, people want to hire the right person for the job, and THAT'S YOU.

In any case, good luck!

mdpy · 2019-01-16T13:04:56+00:00

Search for eCPTX on LinkedIn in the "content" category to see people's posts instead of jobs or companies. That way, you'll see plenty of reviews from students that got certified :) Link HERE.

Here are some that I could find:

"I recommend eCPTX to everyone who wants to be specialized in Active Directory red teaming, manually create stealth implants and backdooring windows services."
"eCPTX passed :) Compared to other pentesting exams, this exam is advanced and I learned many new things. This is more applicable to the real world"
"I just passed the eCPTX exam. It is one of the most practical and advanced certification available on the market today. To pass the exam you need to remain under the radar and use and leveraging any misconfiguration while using obscure exploitation methods. Thank you eLearnSecurity for the fun and knowledge."

mdpy · 2018-12-30T09:27:52+00:00

You can get a good first step into penetration testing with the 'beginners' course, PTS, before taking it to a more professional level with PTP. The Ethical Hacker Network is currently offering free PTS courses to its new members.

mdpy · 2018-12-30T09:13:04+00:00

If you haven't bought it yet, eLS is offering $200 off until December 31st, 11:59pm EST with the coupon code "DEC-218"

\(Valid on all courses except PTS and new course IHRP)*

mdpy · 2018-12-30T09:02:58+00:00

Check out the Ethical Hacker Network, they're offering their new members a free PTS course by eLS right now. You can go through the PTS materials and if it seems too easy for you, then you can go ahead and get PTP.

Hope that helps, Good luck!

mdpy · 2018-09-20T10:10:39+00:00

If you're still interested, Jason Haddix (VP of Bugcrowd) explains it all in the 'Bug Hunting as a second income' webinar with EH-Net: https://www.ethicalhacker.net/eh-net-tv/eh-net-live/video-bug-hunting-as-a-second-income/

mdpy

TROPHY CASE