A life without computers never really existed for Furkan Senan. He grew up with a computer that had a Pentium II CPU and dial-up internet. He spent every second in front of that computer as long as his parents were at work.
“Some legends say that my first word was not ‘mom’ or ‘dad,’ but ‘My Documents,’” Furkan said.
Furkan was a curious kid, questioning the basic concept of things and trying to find his own answers or workarounds for everything. He discovered cybersecurity when he was just 12, and he and his friends found a piece of software that allowed them to “hack computers.”
“I still remember how I felt in that moment, like I was in a movie,” he said. “That was the rabbit hole for me. I fell down there, and unlike Alice, I could not climb back up.”
He remembers there wasn’t a training field back then like there is today. They were teaching themselves hacking by trying things in real applications. “At least we had the basic ethical principles of a 12-year-old and we did not cause any real damage. Because otherwise, Mom would be very angry!” he said.
His computer was his best friend, and he realized they didn’t have a common language. “What kind of person cannot talk to his best friend?!” That led Furkan to programming. Soon enough, he was creating video games and playing them. Even while exploring game development, he was led back to hacking. He landed a job as a Junior Pentester when he was 19.
So far, pentesting has been wonderful and never gets boring.
“Every pentest is a different story to read and discover for me,” Furkan said. “Communicating with different companies from various industries has taught me a lot over all these years.”
Furkan was among the first 100 people to get the Burp Suite Certified Practitioner Certification, and he also holds eCPPT and eWPTX. He notes that certifications do not represent what he is actually doing in real-life engagements; however, he still needs to get them to prove his knowledge to third parties.
His favorite projects to work on are the ones where the customer is communicative and helpful. He likes working with people who respect what he is doing and will even go the extra mile to give them the best experience.
A day in the life of Furkan is relatively simple: wake up, work, eat, work, walk, sleep, and repeat. He keeps his workspace tidy when it comes to tools. His daily bag includes Burp Suite, Nmap, SQLmap, Gobuster, testSSL, and Nuclei.
For Furkan, every pentest is another challenge. Trying to understand the logic of application development and architecture design and what could cause an issue is a 1000-piece puzzle. Sometimes he encounters technologies he’s never seen before; in that case, he drinks a lot of coffee and starts reading the documentation.
Furkan Senan's Impact at Cobalt and Insights on the Future of Security
Furkan found Cobalt at the end of 2019 through his friend and fellow Core Pentester Berke, and has since been promoted to Lead.
“Since the beginning, my favorite part of working at Cobalt has been the freedom,” he said. “Managing my own time has made me very productive over the past three and a half years. In addition to that, I really appreciate Cobalt’s effort to keep the workload balanced among testers. I have been in many different platforms before, but this is why Cobalt is the best one from a pentester’s perspective.”
The most interesting test he’s been on at Cobalt involved finding a zero-day vulnerability within a very big piece of financial software. It was challenging because the target was highly hardened, but he discovered a weak point that was enough to exploit.
When going into an engagement, Furkan wishes every customer would know what is important for their business and what kind of attacks they are most afraid of.
“It would help us to understand the scope and customize the pentest experience for the client,” he said. “Attacks are not generic; for example, SQL injection may not be critical for every application, but even XSS can be very critical in some cases.”
What does the future of security look like?
“Security is one of the basic concepts of life. Every living creature tries to secure what they have. So humanity is the same. It was only physical security before, but now we’ve improved our technology and invented the Internet. As technology evolves, our work evolves too. In recent years dockerization and cloud computing have come into our lives. Then, blockchain and smart contracts. Now it's Artificial Intelligence. I have seen prompt injection attacks come out already with the recent news. Social engineering for AI targets will be important in upcoming years when we slowly start to see big companies getting hacked because of their chatbot trying to greet some website visitors but accidentally sharing the secret key of the administrative API because the visitor asked for it.”
According to Furkan, security is a game of chess against bad people. He has seen companies pay for firewalls and think that's enough. Asset management and attack surface management are crucial for knowing what you have and where attacks come from, and only then can you plan what you need or what to do next.
Fulfilling Ambitions and Embracing Personal Growth
In terms of goals, Furkan’s short-term goals are to improve himself in fields where he has less experience. Long-term, he’d like to start his own company. Learning for him is continuous; he follows the industry on social media, Discord servers, and different feeds. He also takes it one step further and sets up lab environments to try everything he researches and answer the questions he has.
Furkan is originally from Turkey, and he misses the food there. Now he is settled in Estonia, which he loves because of the fresh air and peacefulness. In his free time, he likes playing the guitar, playing games, and riding his bike.
“I am very thankful for all the opportunities and good, kind people around us in Cobalt.”