Ask HN: Transitioning from game development to cybersecurity. Tips or advice?

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
Attack stix Cybersecurity mitre-corporation cti

InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

  • attack-stix-data

    STIX data representing MITRE ATT&CK

    • Some thoughts from someone who has been in the security biz for a while:

    1. Security is more a mindset than anything else. Get used to finding the edge cases. Think "how can I break this..." or "how can I get around this restriction..." Many security folks I know started actually by exactly what you mentioned- figuring out how to bypass copy protection on games, how to bypass client-side checks in multi-player games, ... and so on.

    2. Many pure security folks are very poor developers. You'll have a unique skillset here if you can apply it. Most security oriented folks use Python for quick scripts. If you already know python, great; otherwise, learn it and use that as a marketable skill.

    3. I'm not sure about jumping head first into a consultancy. I'd recommend getting some experience in a security field first. It's hard to have credibility without some experience first.

    4. Don't bother with security+. If you want creds, go and take your favorite cloud provider's security specialist exam. Cloud security is still relatively new, in high demand, and can get you immediate credibility with employers or clients.

    5. I'm a big fan of real-world experience. Set up your own Linux server and try to attack it. Learn what some of the real world attacker techniques are. See some of the following:

    Learn the Techniques, Tactics, and Procedures (TTPs) outlined in the MITRE ATT&CK matrix (https://attack.mitre.org/).

    There are a LOT of "Capture the Flag" (CTF) events and writeups out there. Search for ones in a subfield you find interesting. Security is a HUGE topic. You'll need to specialize. Do you want to reverse engineer code? Secure cloud applications? Help companies define their identity and access management strategy? There's a CTF for all of those and then some. Do some googling around.

    I have a lot more tips, so if you're interested just reply to this comment with a way I can get in touch and I'll reach out.

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • Mitre ATT&CK: knowledge base of adversary tactics and techniques

    1 project | news.ycombinator.com | 21 Dec 2023

  • Mitre attack framework

    1 project | /r/cissp | 10 Dec 2023

  • PT and VA, how to do it practically?

    1 project | /r/HowToHack | 7 Dec 2023

  • "The Case for Memory Safe Roadmaps" CIA, FBI & Global Cyber Security agencies pan C/C++

    2 projects | /r/cpp | 7 Dec 2023

  • CTF Challenges: Reconnaissance

    1 project | dev.to | 12 Sep 2023