Career advice - Is it possible to get a security job without formal education? What can compensate for the lack of it?
Context: I am twenty and I am a high school dropout. I have a basic working knowledge of software development, penetration testing, vulnerability research, reverse engineering and exploit development. I also have one year of experience as an external contractor for a small IT business - contract that I got responsibly disclosing bugs in their software with them and not through a traditional interview - and a small number of uninteresting CVE numbers.
I am unsurprisingly struggling searching for a job. I know of many working in infosec without a degree, but no one without a high school diploma. Is it even possible? Would a certification - such as OSCP/OSCE or even CEH (which I know to be a well known joke among professionals, but seems to be appreciated by employers) - compensate for the lack of formal education?
I was said that publishing independent research and exploits can be useful, and I am already doing it, though I am not skilled enough to find the type of bugs and write the type of exploits that open the doors I am trying to get in.
How can I prove my value to potential employers in the short run?
You can find entry level positions as an analyst with non graduate certificates, however, in order to grow professioanlly in the segment, you must have a college degree.
