Happy 2023! We are so excited to announce that our first Cobalt Core Pentester of the Quarter is Sanyam Chawla! Sanyam has been a part of the Core since March 2021 and received high praise from his fellow Core members. Sanyam has been in cybersecurity for over five years and works as a Senior Security Engineer. He is CREST certified and holds numerous other certificates, such as OSCP and CPSA.
Words from Sanyam
First of all, I would like to extend my gratitude for this reward. It is an honor to be recognized for my work as a Pentester of the Quarter, and I am grateful to have the opportunity to contribute to this field.
I want to thank my peers, leads, and the Cobalt family for their support and guidance. Without their help and encouragement, I would not have been able to achieve this recognition.
I am also grateful to my family for their support and understanding of the time and effort that goes into this work.
I am excited to continue my work as a pentester and use this award to motivate me to new heights and aspire to be a Lead someday.
Thank you again for this honor. It means a great deal to me.
The following are some of the tips/pointers I would like to convey to someone who wants to be successful as a Core Pentester:
Building a strong foundation in cybersecurity is a must. One should focus on understanding key concepts within computer science and networking, such as how systems and networks work, what threats exist, etc. Staying up-to-date with the latest tools and technologies will help one be more effective in testing, identifying, and exploiting vulnerabilities that others may not know about.
One should practice independently by participating in online challenges and capture the flag (CTF) events. This will not only help one in getting hands-on experience but will also help in honing their skills to achieve industry-recognized certifications such as Offensive Security Certified Professional (OSCP), Offensive Security Web Expert (OSWE), Certified Red Team Professional (CRTP), and SANS certification. These certifications will demonstrate one's knowledge and skills as a core pentester.
Communication skills are very important as one may be required to explain technical concepts to non-technical stakeholders or present their findings and recommendations to clients. These skills will not only help with the above but will also help build a strong network and relationships with other professionals in the cybersecurity field.
As a pentester, it is important to act with integrity and respect the privacy and security of the systems and networks you are testing. Hence, always be ethical and follow the rules and guidelines your employer or client sets. Also, don't be afraid to ask for help or seek additional resources when needed. It's okay to admit when you don't know something and to seek the resources you need to learn.
Time management and organizational skills are important to take on extra responsibilities or seek additional training or education to improve your skills. This can help you stand out in the field and make you more valuable to potential employers or clients.
Working with a mentor or joining a community of like-minded professionals adds great value to your profile. A mentor can provide guidance and support as you navigate your career; a community can be a great source of knowledge and support. Some examples of communities that can help are OWASP, null community, etc.
Be a risk taker and try new things. As a pentester, you need to be confident and willing to think outside the box and try new approaches to solve problems. This can help you discover new vulnerabilities and find creative solutions for them.
What the Core has to say about Sanyam Chawla
Why are you nominating Sanyam?
"He helped me during the initial days getting into the cyber security industry and pentesting."
"I would like to nominate him for his dedication and hard work, which I have seen in him during his CREST Certification preparation. He left no stone unturned and finally achieved his goal."
"Worked with Sanyam in the past. He is a very professional and technically strong person. He approached me while we were working on the project for collaboration, and he shared some useful data for testing, which shows his teamwork."
"I have had the opportunity to work with Sanyam on several projects in the past and have consistently been impressed with his technical skills. He has a strong understanding of Network and Web. He applies this knowledge effectively to solve problems and complete tasks."
"I really appreciate Sanyam Chawla's dedication to the team. His hard work and commitment to excellence are evident in everything, and it's a pleasure to work with Sanyam Chawla."
"He has great technical skills and has done many things for the community. Rocked it overall."
"Sanyam is a great pentester, and I have been impressed with his technical skills and attention to detail."
What have you learned from Sanyam?
"I have learned a lot from him on the technical front as well as the way he delivers his updates, which helped me to work upon mine."
"He is very knowledgeable. I learned a lot of new things related to network pen-testing."
"I have learned things like how to write good reports and try to escalate the finding to show the better impact of the finding."
"I have learned with Sanyam a couple of new recon techniques and attacks related to XSS and SSRF. He was able to bypass WAF and execute XSS."
"The willingness to continuously learn and stay up-to-date on industry developments."