I am constantly approached by people looking for work in Open-Source Intelligence (OSINT). Many are hackers wanting to turn over a new leaf and do something legitimate without jumping through regulatory hoops just to prove they have the knowledge, skills, and experience for the job they’re applying for.
If that sounds like you, then you’re in the right place.
Cybersecurity and IT roles within the industry are largely regulated through training and certification courses. Getting certified not only proves you've trained but also that you possess enough knowledge to pass the required exam. This is often what qualifies you for positions in the industry.
There’s also the issue of certification expiration. For example, CISSP, CEH, and CompTIA certifications expire after three years unless renewed. If you miss the renewal window, you must retake the exam.
Although obtaining certifications isn’t legally required – except for government or compliance-heavy roles – choosing not to get certified will severely limit your chances of landing a decent job in IT or cybersecurity.
I love freelancing. It gives me the flexibility to work when I want and to actually live my life without working in a cube farm under someone else’s authority. I want to sit at my own desk, drinking honey mead, energy drinks, and Red Vines without someone telling me I’m being fired for violating half a dozen company policies.
Hired without certifications: it can happen
When I was 25, I was hired by a now-defunct network security and analysis company. I wasn’t qualified for the role. Perhaps it was the curiosity of their human resources personnel that landed me the job. He had googled my email address – my hacker handle – found my YouTube channel and enjoyed my hacking tutorials. That’s how my application superseded an entire stack of more qualified applicants.
It didn’t mean I knew network security, but it showed I thought like a threat actor – an invaluable skill for identifying threats and defending networks against intruders. They were willing to take a chance on me.
Nowadays, if your name isn’t high on the HackerOne scoreboard, considered a top hacker by platforms like HackTheBox or TryHackMe, or otherwise made yourself relevant in the cybersecurity industry, you’ll need something to prove your expertise.
Except when it comes to OSINT.
Networking with others
Luckily, with OSINT, the demand is so small that qualifications aren’t the main concern. The only thing that matters is whether you can get the job done – and, in some cases, whether you can provide step-by-step documentation proving how you obtained the information. We do all this on our own in my private OSINT group, so fact-checking and verifying information is second nature to most of us.
The next step is to remove the proverbial black hoodies and shadowy hacker aliases and start a LinkedIn profile. Yes, I get that sounds pretty cringy. My apologies. I assure you – it helps. I also found it cringy that at every hacker conference I’ve ever attended, people asked for my LinkedIn profile. I eventually saw past my personal bias.
Having a LinkedIn allows you to see – and be seen – by others in the industry, helping you take advantage of valuable networking opportunities that will aid you along the way. Not to take a dig at mainstream hackers today, most of these professionals aren’t aspiring to become something they already are. Therefore, the information they share is far more valuable than tutorials found in Telegram chatrooms, which are largely generated by ChatGPT.
“I love freelancing. It gives me the flexibility to work when I want and to actually live my life without working in a cube farm under someone else’s authority. I want to sit at my own desk, drinking honey mead, energy drinks, and Red Vines without someone telling me I’m being fired for violating half a dozen company policies.”
Freelancing and search terms
There are OSINT opportunities everywhere. However, verifiable freelancing gigs aren’t just anywhere, especially since there are so many fraudulent services and requests for services out there with ulterior motives.
I use platforms like UpWork and Freelancer since they are secure and require government-issued identification to prevent fraud and identity theft. The engagements are informal, so you don’t have to worry about feeling like you’re not qualified to apply for jobs.
It’s important to know that many people looking for OSINT services may not use the term OSINT or be familiar with it when posting for help with their tasks. Other terms clients use may include digital investigator, cyber investigator, and online investigator.
Both UpWork and Freelancer are free to use but come with some limitations. However, I’ve found those limitations do not stop me from submitting proposals for interesting jobs, engaging with clients, and getting paid.
The monetary value of OSINT
Do not forget that pretty much everything is negotiable within reason. While clients post jobs with either an hourly or fixed-price term, you can negotiate different payment structures before or during a contract.
However, if you want to switch between hourly and fixed-price, the client must end the current contract and create a new one. For convenience, it’s best to agree on these terms before starting the contract to avoid unnecessary disruptions.
This is the best part. Most people don’t know the value of OSINT work, so the offered pay is all over the place. Recently, I did a job researching US Constitution ratifications for certain States, with the names of the delegates who signed them. The job paid $100, which only took me less than half an hour.
I even added photos of the ratifications, which impressed the client since the person didn’t know these could be found online in publicly available government archives and other sources.
If you know the job isn’t going to waste your time, even if the pay is lower, you should take it. That’s because completed contracts are publicly visible on Upwork and visible to others.
For example, there’s a really interesting job I’ve been monitoring but won’t touch. The client wants a researcher or OSINT analyst to create a comprehensive list of right-wing extremist events occurring in the US, priced between $5 and $17 an hour. I prefer fixed prices over hourly. Namely, I have a lot of distractions at home, and my ADD keeps my brain going in different directions.
Other jobs, depending on the complexity of the requests, can range from $5 to $1,500+. From what I’ve seen, this could be anything from finding out who made a harassing comment on social media to tracking a threat actor across cyberspace. As long as their payment methods are verified and the requests aren’t suspicious, I will happily supplement my OSINT skills to help solve their problems.
Your email address will not be published. Required fields are markedmarked