RE: Internship Tips for CS/Security? 12-02-2016, 04:38 AM
#2
I recently had to go through this process to get my current job and yeah, it is somewhat daunting at first. While my advice for what you should include regarding programming is rather limited, I can tell you what I did for my application for info security positions.
Some tips for a security application:
- Include any CVEs/vulnerabilities you have found
- Include any exploits/PoC/Security tools you have made
- Give examples of projects that PROVE you know what you claim to know
- Explain why you are unique/more valuable than everyone else applying
- The more information the better
As a basic guideline - your resume should be the place where you briefly mention your skills/achievements/capabilities, and your cover letter is where you can expand on that information. For example, on my resume I listed that I had found a certain vulnerability, and in my cover letter I explained how I found it and the impact it had on the vendor and my career.
If anything is most important, it's making sure you STAND OUT. Employers get flooded with applications and if you look the same as everyone else then you will get treated like everyone else (rejected). To do this, you have to prove to the employer that you have done/created something special. For example, one of the things I mentioned in my resume is that I had created xss2shell, a tool that leverages XSS to RCE on WordPress/Joomla installations. This was beneficial because no tool designed with that purpose had ever been released before, demonstrating my creativity, as well as proving that I had in-depth knowledge of a common vulnerability found in web applications. As mentioned previously I also discussed vulnerabilities I found and exploited through unconventional means, in order to demonstrate that I could think 'outside of the box' and be a valuable asset to any security team.
If you don't have anything great to put on your resume yet that's perfectly fine, as you still have some time before the summer. But I would HIGHLY recommend you start working on something that will "wow" your employer. For info sec: Find a vulnerability in some open source software and report it. Participate in bug bounties. Create a tool that can be used for vulnerability discovery/exploitation. As far as programming goes, program something that could be of value and isn't already freely available. I wish I could be more specific for you, but like I said I'm more security oriented as opposed to programming.
As far as places to look, the only place I could really recommend is the r/netsec hiring thread: https://www.reddit.com/r/netsec/comments...ty_hiring/. It's mainly security focused but it's where I got my job and I do often see listings for programmers as well. You can also use sites like indeed/monster but I've found that employers on there are less responsive/interested.
If you wanna talk more I'd be glad to help. Send me a PM and we can talk over Discord or XMPP. GOOD LUCK WITH THE APPLICATION PROCESS IT'S STRESSFUL AS FUCK LMAO.