How did you get into pentesting?
Back in the day, I started my career as a network engineer, where I loved to build computers from scratch and help friends with network configuration issues.
During my career as a network engineer, I learned about information security at one of the security conferences and thought of giving it a shot.
After attending the conferences, I was very excited to learn more about it and started researching it.
During this phase, I was enhancing my skills in application security and giving it a try on private and public bug bounty programs.
After six months of hard work (enormous duplicates, Not applicable, invalid findings), I was lucky with the XSS, for which I was awarded $750.
$750 in 2015 was a pretty good deal for my family and me, and this was a life-changing event. After the award, this encouraged me a lot, and there my pentesting (Information Security) career started.
What led you to Cobalt?
I highlighted my interest in this field at one of the security conferences I met, "Umang" (Cobalt Core Pentester). We clicked on our passion for information security, and he asked if I was open to crowdsource pentesting. He then introduced me to Cobalt.
How has Ptaas been different from other pentesting work you have done?
I love the way Ptaas work. It's very organized. You get to work with extremely talented people across the globe with whom you can share ideas and collaborate with them on an engagement.
What was your first engagement like?
I was surprised by the way the Cobalt team members worked. Onboarding on a pentest was very smooth; teammates were very collaborative and helpful. Instruction about the pentest was very clear.
What have you learned since working with Cobalt?
There are countless things I have learned with Cobalt, out of which I would like to highlight a few of them.
- Client interaction
- Timely execution
- Skills enhancement
- New Technology
Where do you go to learn? What resources do you use?
I usefully keep a close eye on the people I am following on Twitter, see what they are doing currently and read their articles and blogs. I also follow the MITRE newsletter to see current TTPs (Tactics, Techniques, and Procedures).
Additionally, I tried to learn more about the upcoming technologies and see how security would integrate into this.
How have you seen Cobalt change since you first started?
The process has been refined a lot in many ways. Onboarding on an engagement is now much smoother. Constant platform changes are deployed, making the pentester life easy. Cobalt came up with a wonderful agile model that provides greater flexibility to the client for an engagement.
How have you changed since you first started at Cobalt?
Working with Cobalt has opened new horizons for me; I came to meet many wonderful people across various regions, collaborating and sharing ideas with them. As the business has grown, I have had the opportunity to work on more tests and learn even more skills. I have learned a lot from other Core Pentesters. Being a part of Cobalt also has its perks in terms of financial stability.
What would you tell someone interested in joining the Core?
I would highly recommend it to someone interested in such an arrangement as there is always something new going on with Cobalt where a pentester can learn and enhance their technical skills no matter how much experience they have.
How can someone be successful in the Core?
There are many things that one can do to have an impact. Some of them are listed below:
- Make sure to cover each and every part of the application
- Client communications
- Team collaborations
- Timely Updates
- Actively participate in the core channel to solve/suggest a solution to a problem.
Where do you see yourself in 5 years?
I want to grow both in terms of technical enhancement and managerial roles.
In the technical part, I would like to expand my knowledge in other domains like Cloud security, OT Security, Artificial Intelligence, etc.
In the Managerial part, I would like to work on my soft skills and become a role model for newcomers in information security, etc.