Getting a hacking job

crua9
10 years ago

0

I’ve been between jobs for about 3 or 4 years now, and I really want to get an ethical hacking job in eastern NC USA. How hard is it to get a hacking job, and what do companies look for when they are hiring someone? Also, what’s the normal pay range for someone just getting in?

[deleted user]
10 years ago | edited 10 years ago

2

It is more based on (professional) experience than qualification for the majority of cases.
I work from home in the UK for a company in central Slovakia, and at the time I acquired the job I didn’t even have a degree (though I do now).

I was offered the job due to my challenge site - one of my users happened to work for this company already and after seeing my exploit challenges, approached me in IRC and offered me a trial. 2 years on, I’m still working there.

Another way in is to find someone already in the industry who may be willing to mentor you. My apprentice @Jhype has been under my guidance for 1.5 years and is now a junior admin at my challenge site. She has also joined the company I work for as my protege and she helps out with many of my pentests.

As much as experience trumps qualifications, you should perhaps look into some ethical hacking certs (though stay away from things like CEH, or anything by EC-Council for that matter - they’re pretty useless). OSCP is a great one to look into, and certainly head for a degree if you don’t have one already.

I cannot comment on the pay range as I do not earn salary, I work on a freelance basis and choose which projects to accept or reject - due to this I am paid by project, but am never short of work. This said, money is not the only rewarding factor in such a job - many companies pay for their employees to visit conferences worldwide and these are both fun and educational.

So the third way in is following my own experience - create some popular site or portfolio in which prospective employers can scope you out. A LinkedIn isn’t a bad idea either.
At the very least, keep a tech blog so people can see what you research, what your knowledge-base is and how serious you are.

That’s all from me.

crua9
10 years ago

0

@sabretooth
Thanks for the heads up. I’ve done some freelance work in the past on Freelancer.com and Guru.com, but it’s getting to the point where it’s impossible to get a job on those sites. They are being overrun by people in 3rd world countries that bid very low for jobs they can’t do.
That being said, I would obviously be up for a freelance job if the price is right.

Anyways, thanks for the heads up on the OSCP. I’m going to take a look at how much it costs, and see if I can get that as soon as possible or if my upcoming IT degree will include it.

BTW, below is a link to my LinkedIn page.
www.linkedin.com/pub/craig-bennett-ii/21/32b/131/

Keeper
10 years ago | edited 10 years ago

1

On my part, I’d also suggest having a high-reputation Stack Overflow account. There are many companies roaming stackoverflow.com for employees. The site is by far the biggest and best-quality Q&A portal as far as programming and development are concerned. Though unconfirmed, I’ve heard that people with a reputation of 100k+ are hired for about a minimum of $20,000 salary.

However, as you’re looking for a career in the pentesting sphere, I should add that it’s a good notion to start developing (unless you are already up to it) IDS/IPS systems, loggers, filtration functions, backdoors, shells etc. This would both prove your knowledge on the subject of pentesting and also your understanding of how to prevent attacks. A typical employer would want you to secure the company’s projects and in that manner you might as well take a look at how to prepare security protocols and any write-ups on the security assessment.

I personally got a job as I submitted a CV to a local company and for being an 18-year-old am on a pretty decent level which (the age factor) kinda played a huge role in getting the position. Do not apply for multiple posts in different companies at the same time as you may get yourself into a predicament. Though CVs are not the best way of getting a job, nor guarantee you such, it’s always a good idea to pay a little attention to them as well.

So I would say that in the first place, you need to show what you’re capable of, as sabretooth said, either through a tech blog, personal projects related to security assessment or anything of that kind. For my case, I also presented a book I’ve written on web exploitation along with a few projects. Hence you might wanna consider this as an alternative or at least a huge plus on behalf of your experience. I don’t mean writing a book (even though this may suit you well), but rather a safety protocol/document (e.g. “Security of Hash Functions - What Should We Do And What Not To”, “My Journey To Exploiting A Vulnerability In XXXX.com” and so on).

I can’t say anything about certificates as I have never attempted to get one in this sphere but I think any would benefit you no matter how slightly. Some of my friends were lucky enough to get a job as pentesters by reporting vulnerabilities in major companies. There are cases of people finding so many bugs in Google’s domains that they were eventually hired on a permanent job. And though bug bounties are not a guaranteed way as well, as I said you should consider even minor approaches.

rushA [xzy123prog]
10 years ago

0

@Keeper Do you have a degree or are you self taught?
What if one is really good at challenge sites, gets involved in the community and contributes to the sites (on top of other knowledge), would that contribute when looking for a job in the hacking area?

[deleted user]
10 years ago

0

@xzy123prog I have been playing challenge sites since 1999 but not until 2010 was I approached for a position. I tried in the past getting jobs based on challenge site participation, but employers just see these as playing games I guess.

rushA [xzy123prog]
10 years ago

0

Ok, so I guess making your own challenge site website shows off more of your skills rather than just playing the challenges.

[deleted user]
10 years ago | edited 10 years ago

1

@xzy123prog This said, if you can write some really unique challenges which show off skill for other sites, there is no reason why you cannot then supply these to an employer as part of a portfolio.
Solving some really algorithmic cryptography challenges (check out some of the latter ones at http://bright-shadows.net ) shows that you really understand the code and can write to reverse it - and writeups can then be supplied to an employer once again.

I guess it all depends on the type and difficulty of the challenges. I don’t think any on HackThis!! will get you too far as this is a very basic site compared to most others, but branch out and try some of the complex algorithmic challenges, and this could be a good first step.

rushA [xzy123prog]
10 years ago

0

Thanks for the tips @sabretooth, I still have a lot to learn before I can tackle those challenges.
IMO once you have enough knowledge the important thing is to get creative and make things which are different to the rest, this helps one stand out from the rest of the crowd.
