How to become a highly-paid cyber security expert


Originally published at:


Let’s ask our resident expert at this job… @japhroaig is this deal a pass? Is being a highly paid security expert worth the stress?


C’mon, at a 92.8% discount, it MUST be worth it!


Pfft. If I was a hacker, I would give myself a 100% discount.


… and: Did you pay $681 for your education/qualification to become a security expert? Are you angry that you overspent $632?


No tats in the bundle! Pfft, amateurs.


Nah. This is the “Ethical Hacker Bonus Bundle”. What you’re looking for is the “Unethical Hacker Bonus Bundle”.


Some of these courses look “ok.”


Is one of the instructions “Be a long term friend to Donald Trump”? Because that’s how you’re going to get highly paid.


Besides studying, you also need to commit to a life of drinking from a fire hose with an endlessly changing threat dynamic and new instances of and classes of vulnerabilities cropping up regularly.


Weigh 400 lbs and have a bed?


So, they have 6159 people enrolled. That’s over $150k. Not bad money, even at the discounted discount rate.

Has anybody done the course? I’m kinda tempted…


No. No no no.

…Well, sorta, but not an effective one. So you’d basically be training for yahoo.



Wait, you meant something different.


For once I am gonna be honest. No really. All of this is hard work, and @enso will at his leisure add even more color and detail, since he is the actual expert.

The fundamentals of infosec are:

  • Coding practices
  • QA
  • Fuzzing
  • Compliance
  • Regulations
  • Ongoing testing
  • Ongoing maintenance
  • Auditing
  • Analysis
  • Reverse engineering
  • Incident response
  • Documentation
  • Education
  • Controls
  • Post mortems

The people, process, technology changes. This is a yuuuge undertaking. So start with one, not all.


But only this once. Because let’s face it, you need some poor sucker to take over your responsibilities so you can go home and sleep on occasion.


Nooooooope. You get to be the expert.

Really, though, I’m not a pen tester or an exploit author. I’m a program manager, an engineering team manager for a gang of fuzzing engineers, and a bug bounty program head. I’m actually pretty shitty at coding by myself. My knowledge is generally pretty high level and meta, not down in the weeds with specific techniques. I know how stuff goes together, in general, but I couldn’t do a lot of this without a lot of time to get up to speed on specifics.

Most courseware is focused on how to be a penetration tester with an emphasis on web technologies. There is plenty of work there but it doesn’t make you a “highly-paid cyber security expert.” Besides, the only people that use “cyber” are governments, their attendant entities, and the military.


*Actual white hat not included.

