Where to get real-world cyber security experience?

Question

Gaining functional experience in software is possible by simply creating applications and tools, but you can also gain real-world experience working on a team through open source communities such as GitHub.What is the equivalent for the security realm that would be worthy of a mention on a resume?

aviramha · Accepted Answer

It really depends on what job you're looking for. Most of the security industry is mostly compliance and having certificates/awareness. If you want to amplify yourself as a hacker, I'd recommend CTFs, reversing and researching public samples, reversing proprietary protocols, finding exploits, contributing to cyber security projects such as fuzzers/pentest tools.

illusiveman · Answer

first you would need to define what are you want to focus on.
for offensive security, it boils down to discover (and get credited) vulnerabilities in other services, or to have certifications (which IMO are unworthy, but as you said "worthy of a mention on a resume"...).
for application security, you can follow the same example you already mentioned, but focus on security topics. Work on authentication and authorization, secure communications, etc.
for blue team, it's hard to have something worth of mention on a resume, unless you have some talks, a podcast, blogs, etc on this topic.

aintmeit · Answer

Just make sure you put yourself in really risky, dangerous, and stupid situations involving your own code. You'll either learn quickly or destroy yourself in the process.