HACKER Q&A
📣 the_only_law

Can you get into security research self taught?


The word “research” tends to evoke ideas of long, expensive academic careers you have to put in until you can be considered qualified for industrial R&D type roles. But security research seems to be orthogonal to many fields that tend to focus less on credentialism and more on proven past ability. It’s not uncommon for software devs, other security roles, etc. to be able to break into their respective fields self-taught, so is it possible for security research roles?

If so, how difficult is it to self-teach this sort of stuff, and how long would it take someone with a cursory understanding of exploits, security, etc. to be “ready” for an industrial role in this field? I get that’s a very open question, with widely varied answers based on individuals, but for comparison, it doesn’t seem to take software developers that show existing aptitude for the field very long to have the potential for productivity in an industrial setting. Hell, there are entire industries around pumping out new programmers in 6mo-1y, and while they may not all be top of the line, if good at all, getting your foot into the door seems to be the biggest step into separating those who are and getting them into the right track.


  👤 alltakendamned Accepted Answer ✓
Well yes, back in the old days most of us were self-taught through articles such as Phrack, or connections on IRC, and lots and lots of experimentation.

I would say today it is both easier and harder. It is harder because the body of knowledge is so much larger, it is easier because so many more materials and exercises are available.

From my perspective, and I lead a team of these security researchers, it is an advanced career path, and still requires a lot of self-motivation. That said, there are more and more definitions of what "security researcher" means, in some cases it means being able to find web vulnerabilities without using Burp, so YMMV.

I would suggest to focus on fundamental skills such as reverse engineering, code review, low-level languages such as C and assembly, interfacing at a low-level with binaries through debuggers and instrumentation etc etc. Those are all broadly applicable. Playing CTF games is a good starting point too, as is auditing open source software.

But make no mistake, it will be a challenge, and it will require tenacity on your part. Good luck!


👤 aurizon
Depending on your auto-didact capabilities, you can start this process by studying with the various on-line paid courses; there may be some free ones as well. Someone already in security can further advise you on the degree of specialisation or granularity for you to pursue. The field is both wide and deep. You can sub-study in Windows, Linux, Unix, IOS - in addition there are sub areas, like database makers, like Oracle and others. Once you have selected the area you want to specialize in you need to study in depth, following reference trees etc. The paid courses offer certification via tests with their fees. Deciding the particular special area, the next stage is to seek employment at your certificate level (you may have a number of certs). Companies also specialise in areas, so inspect the field. Bear in mind, you will need to acquire system expertise on the system you specialise on = buy a typical system as a practice field, you may have several systems. There are many openings, so recruiters will present you with choices = you apply. If your self study is well done, you will get interviewed to plumb your abilities, and you may get offers. Do not neglect the government, NSA and military, there are many valuable roles you can fill. The famed hackers you have read about are often self-taught trial-and-error people, who by perseverance and intelligence have become narrowly specialised at hacking. In many respects a lot of the low hanging fruit has been gathered - that said modern systems are bewilderingly complex and there seem to be a huge number of hidden bugs being found daily. Some are sold to companies by their bug bounty programs, which you may have read about. Some are sold to bad actors who keep them quiet and selectively employ them by national actors.
Their value goes down once they are exposed and get exploited for gain - the so-called 'zero-day' - when it suddenly gets used for mal use widely and the OS makers try to examine the bug and deploy a patch to kill the exploit as fast as they can. Patch negligence extends the life of an exploit - obviously patched systems are immune. Sorry, to repeat what many may already know. Good luck,

👤 hereforphone
In the 90s I was a "hacker". I hacked systems, phreaked, and stuff like that. I wanted to be a security researcher. When I got older and that industry evolved, I realized it wasn't something I wanted to be a part of, and that the majority of people there are bureaucrats. Security cert, no assembly or even C knowledge. A checklist and set of acronyms, plus access to Metasploit and tools like that - it was 180 degrees from what I wanted.

Long story very short: if you like systems that much, get out of the security industry and become an engineer in an area that excites you.

There are exceptions (1337 low-level programming hacker in the security industry) but they're rare enough that you and I aren't likely to be one.


👤 runjake
Yes, but you need a lot of motivation, a lot of curiosity and the ability to work through lots of adversity. "Back in the day" almost all of us were self-taught, aside from those epic standouts in good CS programs doing amazing stuff.

I'm not trying to be insulting here, but you asking this here gives me the impression that you don't have that motivation. Because if you did, you would have sought this answer on your own. It wouldn't be the first time I'm wrong, though.

Dip your toe in and see where it goes. If it's not for you, move on to something else that interests you. It's fine to explore.