Career Interviews With Cybersecurity Professionals

Learn How To Start Your Career

Read Their Advice, Tips And Suggestions

We've Interviewed Dozens of Cybersecurity Professionals Asking How They Got Started

Who Better To Ask Than Those Working In Cybersecurity How They Started Their Career?

In this section we interview (and continue to do so) Cybersecurity Professionals to ask how they got started in the Industry.
Michael Santarcangelo

Michael Santarcangelo

Biography

I develop exceptional leaders and powerful communicators with the security mindset for success. This includes: security leaders, business leaders and solution providers.

It starts with Straight Talk – a framework for leaders to bring people together and give them a voice without wasting their time. In the process, they build confidence in the three key areas of domain knowledge, alignment, and resilience of direction. The result is better decisions faster; and consistently.

It’s a remarkable way to (im)prove your leadership and communication.

What Do You Do Within Cybersecurity?

I help leaders and teams get the straight talk they need to get the results they deserve. That means working to improve leadership, communication, and the mindset of success. While we continue to advance technical solutions, the real key to success across our industry is improving how we clarify focus, prioritize effort, and execute our best next step – in alignment with our organization(s).

Did You Always Want A Career In Cybersecurity Or Do You Migrate Into It?

I got started before it was a career path. I asked too many questions; was tasked with getting solutions and that made me the security resource.

What Advice Would You Give To Someone Trying To Break Into Cybersecurity?

Why? What drives you. What’s interesting. Why? While the salaries might be on the rise, this isn’t a gig to make a lot of money. If someone wants to get started in security, figure out what appeals to them and then map out how to exploit that to their advantage. The skills are teachable. What matters are the aptitudes. Are you curious? Tenacious? Able to wrestle with problems that have a lot of moving pieces, some grey areas, and a variety of acceptable solutions? I advise people interested in security to study sales, communication, and leadership. Even in high school and college. We need these skill sets more than ever – and they’ll serve you well.

The key in security is trust. And experience.

Build both with local maker spaces. Get to know the people around you. Reach out for help and advice. But then honor your word and their investment in you.

How Important Are Cybersecurity Certs And Which Ones Would You Advise?

When you’re starting out, certs are a way to demonstrate a technical knowledge. As your career progresses, hopefully you rely on them less. I’d start with the CompTIA Net+, A+, Security+ and see what appeals to you. There are probably others that matter…


Back To The Top | Contribute

Sophie Sanderson

Sophie Sanderson

Biography

I am a UK based Cyber Security Recruitment Consultant working for Hewitt Britton. Although I have no certifications within InfoSec I regularly advise graduates/juniors on how to break into the industry and get their first ‘real’ job in Cyber Security. I pride myself on being a recruiter that understands their industry well and someone who gives honest and upfront advice.

What Do You Do Within Cybersecurity?

Cyber Security Recruitment.

Did You Always Want A Career In Cybersecurity Or Do You Migrate Into It?

I started my career working in Java recruitment, so I have always been involved with technical recruitment and cyber security in particular has always been a strong interest of mine. When I joined Hewitt Britton, we decided to go full force with cyber security recruitment due to it being an exceptionally fast growing industry, so there would always be a need. I am constantly learning about the ever changing world that is ‘cyber security’, it’s an area I can honestly say I enjoy learning about and recruiting for.

What Advice Would You Give To Someone Trying To Break Into Cybersecurity?

I speak to graduates/juniors on a daily basis, whether it’s for an informal chat about the current market or to discuss potential entry level roles they may be interested in. My advice for someone looking to break into the industry would be to use absolutely everything that is available to you. There are always webinars, blogs and online courses available online which I strongly advise people to take part in. Social media is also an excellent avenue for getting involved in discussions about cyber security and recent InfoSec news/incidents. The Open University also offers a free ‘Introduction to Cyber Security’ course, which is useful for someone wanting a very brief insight into the industry. And of course, getting a degree in a cyber security related subject is always beneficial. The nature of Cyber Security requires you to constantly stay up to date, due to how quickly it’s expanding and developing. Therefore, I always encourage candidates to research and monitor new technology and news.

How Important Are Cybersecurity Certs And Which Ones Would You Advise?

To a degree, certifications are always important, especially in relation to the legal side of cyber security. In my experience, it all depends on the company and what work they are involved in. Some companies will require you to have certain certifications and others it may just be a preference. It would be best to choose an area of cyber security you want to focus on and choose certifications that are relevant (e.g. Ethical Hackers may take the CEH exam exam or for Network Security you would take your CCNA as the first steps).


Back To The Top | Contribute

Jonathan Gibson

Jonathan Gibson

Biography

Jonathan has a range of experience as a security consultant, network administrator, and web developer. He holds certifications in the security field and has a CEH, maintains a security blog and serves as CTO for a charitable foundation.

What Do You Do Within Cybersecurity?

I run a small cyber security firm, we offer many services from backup solutions to network and application testing.

Did You Always Want A Career In Cybersecurity Or Do You Migrate Into It?

Yes, I’ve always wanted a job working in security.. I got my first computer when I was four and fell in love. that and a lot of hard work a lot of trying, practicing and learning I’ve earned my way through the tech industry and I’m glad I did, at the heart of it we’re a loving and caring community and I’m glad to be apart of it.

What Advice Would You Give To Someone Trying To Break Into Cybersecurity?

Just keep trying and never stop! the bad guys don’t stop so why should we. Learn one thing new each day take it slow at first and you’ll grow. the security sector of technology is vast so, to begin with, you might want to figure out what really interests you so the answer below might pertain to you or not but still it’s good to be well rounded that’s what working in this industry requires.

Start by learning your own and other operating systems: Windows, Linux, and Mac OS. Learn how to defend them and harden them, learn what makes them weak and what makes them strong and learn their local language PowerShell for windows and Bash for Linux.

With your gained knowledge about operating systems and how to defend them you should move onto networks. Routers, Switches, Hubs, Firewalls, IDS/ IPS etc. Learn how they work, communicate with each other and other things and how to properly configure them.

Next, depending on what you plan on doing a programming language can go a long way. Most high-end security jobs and even some entry level one’s require you to be able to know how to or at least have an understanding of coding. most popular languages for a job’s in the security industry range from Python/Ruby to C/C++ depending on what you’re doing. Knowing how to make a website via HTML/ CSS & JS is also very helpful. remember security covers all aspect of technology bad code is bad code no matter where or what it’s written in.

Now the fun part begins, you’ve learned how to defend your own computer and your network. You’ve learned a new programming language or two you can even now automate things with PowerShell so what’s next? this all depends on you… by now you could be ready to be a great blue team member- a person who defends networks and computer systems- with your knowledge of automation and some programming you can be on your way in the industry or you could take it one step further learn how to attack there are many Linux Distros to be used for penetration testing and I’ll leave the research up to you, but most people start out with Kali Linux.

How Important Are Cybersecurity Certs And Which Ones Would You Advise?

I honestly wish I could just say no certification is worth your skills are far more important but then I’d be leading you into never getting a job unless you got extremely lucky. Since this isn’t the case I’ll start from the top down.

Your highest goal should be the OSCP and other certifications like it, currently, no other certification reaches the level of the OSCP but it’s one of the most valid proofs of your ability. CISSP and CEH are also very good starting points I’d recommend taking the CEH as your starter cert and not the Security+ because the CISSP requires five years of industry experience it would be wise to pursue other certifications in the mean time as well as making your way through the industry from job to job. Good certs to start with after the CEH include GIAC line of certs and if you wanted to work in cloud technology the azure and AWS security certs respectively.


Back To The Top | Contribute

Balaji G

Balaji G

Biography

Working as a Cyber Security Engineer. Having hands-on in internal/external network VAPT as well as web application VAPT. (Including cloud environment for network/webapp). Having good hands-on OWASP and PTES standards.

What Do You Do Within Cybersecurity?

I’m a Cybersecurity Engineer.

Did You Always Want A Career In Cybersecurity Or Do You Migrate Into It?

Yes I really wanted to work in cybersecurity.

What Advice Would You Give To Someone Trying To Break Into Cybersecurity?

Build up your technical skills based on Network and Web Application knowledge and try to get anyone of the well recognized cyber certifications.

How Important Are Cybersecurity Certs And Which Ones Would You Advise?

Certs play a partially vital role in Cybersecurity. We can easily use technical skills learned from taking certs and for the rest you’d have to learn additional skills. My recommendation for a lower budget is OSCP (Offensive Security) but if you want something higher then go for the GIAC (SANS).


Back To The Top | Contribute

Rajivarnan

Rajivarnan

Biography

I have an overall 6 years of experience in Information Security, which includes of professional experience working as Penetration Tester and Security Researcher. I am highly passionate, motivated and hard working individual.

What Do You Do Within Cybersecurity?

I am responsible for conducting research based on new Cyber Attacks, Malware, Creating Pentesting Tools, Writing White Papers and more!

Did You Always Want A Career In Cybersecurity Or Do You Migrate Into It?

I always wanted a career and a job in Cybersecurity.

What Advice Would You Give To Someone Trying To Break Into Cybersecurity?

Make sure you learn the latest technologies and techniques.

How Important Are Cybersecurity Certs And Which Ones Would You Advise?

Certs is not important overall, I would suggest OSCP by Offensive Security.


Back To The Top | Contribute

Jay Patel

Jay Patel

Biography

I am a computer engineering student and also an Independent Security Researcher at Hackerone. I participated in many multinational bug bounty programs and successfully got bug bounties and also listed in many Halls of Fame.

What Do You Do Within Cybersecurity?

Bug hunting!

Did You Always Want A Career In Cybersecurity Or Do You Migrate Into It?

Three years ago, I play counter strike a lot, and some players do hacker things on it, so I became really curious about it, and Googled “How to hack counter strike”, then after several months, I want to learn how hack a Facebook account, and at that point I discovered that Facebook have a bug bounty program, and research about”what is bug bounty and all” and now I am here.

What Advice Would You Give To Someone Trying To Break Into Cybersecurity?

Don’t directly jump into bug bounty, first try to find some bug in that company who provide only hall of fame because only few hunters participate in that program, so it’s great chance to find some bug.

How Important Are Cybersecurity Certs And Which Ones Would You Advise?

I personally have some certs, but they are just pieces of paper!


Back To The Top | Contribute

Diaa Diab

Diaa Diab

Biography

I am a security researcher specialized in finding security vulnerabilities and breaking into systems; I have over 4 years of experience in information security and development fields that varies from Applications Security, Reverse Engineering, Malware Analysis, Forensics, Incident handling, Exploitation Development and Network Security.

What Do You Do Within Cybersecurity?

Bug Bounty Programs, Information Security Consultant at Innovative Solutions SA.

Did You Always Want A Career In Cybersecurity Or Do You Migrate Into It?

I migrated from development career.

What Advice Would You Give To Someone Trying To Break Into Cybersecurity?

Try to learn how to code at first! The More you deep into code, The more you can do hacking.

How Important Are Cybersecurity Certs And Which Ones Would You Advise?

Offensive Security Certifications and Tracks.


Back To The Top | Contribute

Sahil Tembhare

Sahil Tembhare

Biography

I am a Bug Bounty Hunter, Web Application Pentester and a beginner Programmer, basically I like to Test Web Applications. I am also interested in OSINT.

What Do You Do Within Cybersecurity?

I’m a student for now.

Did You Always Want A Career In Cybersecurity Or Do You Migrate Into It?

No, not really, when I was 14 I used to stay at Hostel, I used to live there because my School was far away from my home. But still when I was living there at Hostel, I used not to go school and spend the whole day at Computer Lab in my Hostel. And learn new things, I was the Incharge of Computer Lab too. My colleague’s used to scold on me that I should also Attend my School on daily basis. But still I was like “I don’t care about School”. After then my interest rised in Information Security field. First, I learned Linux Basics as I was a complete Noob, then SQLi’s. Then it was like I am into it, I have nothing but Security Things to learn with my complete devotion. Thats how I want my career into Cybersecurity.

What Advice Would You Give To Someone Trying To Break Into Cybersecurity?

Yep, well I am also learner I am no master that I can guide the New peoples. But yeah, I can tell what I did when I was Newbee. I used to read and understand as much as I can, Read Blogs of Security Researchers. And learn everything from Scratch otherwise you’ll face False Positives. In Web Application Pentesting field there is a great platform to start and to learn also “HackerOne”. Read the Publicly Disclosed Reports from HackerOne and Understand the Exploitations. Learn OWASP Testing Methodology. Read Books and all. Reading and Understanding is the most Important Thing to kick start.

How Important Are Cybersecurity Certs And Which Ones Would You Advise?

Well, I don’t know much about that. But yeah I would like to do Certifications in CEH, OSINT, OSCP and CISSP. I read about this blog and yeah it makes sense.


Back To The Top | Contribute

Clara Martinez Jimenez

Clara Martinez Jimenez

Biography

Clara is a Cybersecurity Translator at Deloitte.

What Do You Do Within Cybersecurity?

I work for Deloitte in the EMEA services, I translate Cybersecurity documents and manage the trainings done by the Deloitte Cyberacademy in Madrid in order to expand the knowledge and professionalism within the area of work.

Did You Always Want A Career In Cybersecurity Or Do You Migrate Into It?

Ever since I was studying, I focused myself on International Security and then I wrote my final degree thesis on Cybersecurity issues.

What Advice Would You Give To Someone Trying To Break Into Cybersecurity?

To self-learn and investigate on their own account as much as possible and to be open minded about the roles and positions they can take within the Cybersecurity world, because you can learn a lot, and even more than you expected in a role that you didnt even know you could enjoy.

How Important Are Cybersecurity Certs And Which Ones Would You Advise?

In my case, coming from social sciences, I wouldnt advise to get any certificates, but for the technicians and the hackers I would recommend the Cyberacademy that I work for, because we provide the best courses for a wide variety of areas and now we are growing in the European level. But there are tons of certificates, and I gues it would depend on what you want to focus on. Research, research and more research.


Back To The Top | Contribute

Mike Monnik

Mike Monnik

Biography

What’s most important is your story, your journey – save yourself some reading time and shoot me a message! Coffee is great in Melbourne and I’d love to catch up and have a chat with you. I am a hacker; you could say both in security and entrepreneurial sense. I love the work I do as a penetration tester, especially when helping clients with OSINT and forensic investigations. My work has often been in high-security environments, requiring security clearances, NDAs and understanding the importance of confidential information items (often seen shredding in the office – not in the gym sense).

Similarly, I have a passion for geo-spatial intelligence, cryptocurrencies and conflict research (security/terrorism). Drones are also an area of interest to me, I started reddit.com/r/dronesec and am working on one of the world’s first ever drone-security magazines.

This however, is balanced with my research in security gamification and love for business. I’ve always been undertaking multiple projects, and enjoy motivating others about the success that mentors and opportunities have brought me.

In my spare time I participate in Bug Bounties, playing CTF’s and working on OSCP labs. When not doing that, I read entrepreneurial literature and pretend to dabble in the stock market (binary options and fintech don’t count, Mike.)

What Do You Do Within Cybersecurity?

I am currently a penetration tester; I ‘don’ the title ‘Cyber Security Consultant’ but am in a technical facing role that works on pretty much 1 or 2 different clients a week. My role includes web and infrastructure penetration testing, Open-Source Investigations, Incident Response and some limited Forensic work.

Did You Always Want A Career In Cybersecurity Or Do You Migrate Into It?

I started out with gaming – I’d been breaking too many bones at the skate park during high school and so a lot of my time was spent on the computer. I tried a bit of game hacking and, after learning to program my own tools, started discovering the hacking community.

The hacking community filled my craving for curiosity and gave me the thrill of a challenge – the mystic of it really pushed me to learn the ins and outs of it. I was very fortunate to have some mentors that pushed me in the right direction – many people might disregard University as not the most ‘practical’ area to learn technical penetration testing, however for me it was a place I could focus on my skills and passion in a more legal environment. I met some incredible people there who continually showed the ‘whitehat’ path can be just as fulfilling and pays well at the same time.

During university I spent my time on Capture-The-Flag (CTF’s) competitions and online wargames, this allowed me to collaboratively learn while meeting some seriously awesome names in the industry. Seeing your name on scoreboards among other well-respected hackers is a big motivation, and being able to speak to them, learn off them was priceless experience.

I never faltered from my passion to have a career in CyberSecurity – I think it’s always driven me and it’s my 24/7 goal, purpose and what takes up almost all my time! It’s an area that moves so quickly that you’re forced to keep learning, reading about new CVE’s, reading blog posts and trying new things. IoT and embedded devices have certainly shown that there’s no ‘comfort zone’ in cybersecurity, you’re always moving forward.

I interned for a little while developing a secure protocol that really gave me a backstage insight into the developers life. This was super essential to my work now, as I can start to understand how my reports or my actions will be received, read and mitigated by developers. It’s also cool trying to attack a developer tool that you know the ins and outs of – it gives you almost an ‘insider feeling’ where you can test the parts you know will have a large impact on the organisation as a whole. Similarly, playing with Amazon Web Services (AWS), digital ocean, and other servers online gave me a look at the ‘whole spectrum’ of a server you could say – not just attacking a web front end but really taking the whole thing into context. The infrastructure, DNS, open source info, git repos, the software they’ve used, the OS and so on. All little parts that work together to give the user what seems like a nice front end – with multiple vectors of potential compromise for a hacker.

My career will almost certainly always be related to CyberSecurity – whether that takes on the form of more red teaming, hacking drones or something else i’m sure it will always relate.

What Advice Would You Give To Someone Trying To Break Into Cybersecurity?

It’s really hard to translate a business trying to make money through cybersecurity into a theoretical, or even practical sense in a pre-work context. That’s simply the truth – you don’t come in knowing how to consult, write business-excellence reports or make calls on what you should say to a customer asking you to make calls about their security posture.

What you can do however, is expose yourself to some things which make this transition a super easy one, allow you to learn quickly and get the job in the first place by proving it to the interviewers.

If you’re applying for cybersecurity in general (technical such as penetration testing, or general such as GRC), become aware of the landscape. This includes the people (twitter, linkedin, facebook groups), the current events and info (blogs, daily news, hacker cons) and the skills (CTF’s, wargames, competitions such as CySCA).

Most web developers show up with a portfolio of websites they’ve designed for their interview – what about a hacking portfolio? My perspective of this would be a github account with a tool or script you’ve made, or even a list of tools you’ve tried or used in CTFs. A list of CTF events and some of your favorite challenges and why, how you solved it and how it might be fixed (writeups). Possibly you’ve tried your hand at Bug Bounties – put down your findings and explain why they might be important. Most importantly, take advantage of your two feet and get yourself to a hacker conference – the people you meet there will become friends for life and will certainly welcome you into the community. Many incredible opportunities, experiences and learning can come from human interaction.

Finally, I would say apply for positions. Go to the interviews and learn what they’re looking for, what you may be missing and ask for feedback. If you can demonstrate learning from a few failed interviews, this equally demonstrates your persistence with say attempting a buffer overflow that won’t work the first ten times. Connect with people on LinkedIn – ask them questions, ask questions on quora, soak everything up like a sponge.

Finally, start learning linux. It’s not an absolute must some may argue, but it demonstrates your ability to learn technical concepts and provides powerful functionality for when used (and quite often). You want to gain experience with many tools, concepts and software that might not even relate to security – one day you might be testing it and wish you knew it better. Understand how things work and then you can start working towards exploiting it.

How Important Are Cybersecurity Certs And Which Ones Would You Advise?

Certifications are certainly more practical than theoretical courses such as Universities. However I wouldn’t shy away from the one – learn as much as you can from any given opportunity.

The OSCP from Offensive Security is a hands-on cert that allows you to learn fundamental infrastructure, web and network penetration testing, with the added benefit of report writing. It’s a course which doesn’t rely on vulnerability scanners, and rewards students who script and code their own tools; in this sense it can be a very powerful tool for learning the ropes of penetration testing. Similarly, it gives experience in both windows and unix machines, and teaches the importance of recon and information gathering across all domains.

If breaking into a technical role such as penetration testing, I would recommend time spent on practical areas such as CTFs, Bug Bounties and OffSec certs rather than completing something like CEH or CISSP. If going into a more general role, those kind of certs may be preferred.

Finally, try to save and and enrol in one of the hacker convention trainings – these usually last 1-3 days and include some of the best InfoSec trainers in the world. They are costly but well worth it. Similarly, short courses such as ‘Automating OSINT with python’ or worth the practical knowledge and pivot you into a more niche area of knowledge which is well worth mentioning to future employers.


Back To The Top | Contribute

Thomas Bennett

Thomas Bennett

Biography

Lawyer, consultant, specialising in company matters, including cyber and data security.

What Do You Do Within Cybersecurity?

I advise clients as to their legal and commercial risks.

Did You Always Want A Career In Cybersecurity Or Do You Migrate Into It?

Migration – general corporate expertise led to maritime security expertise, then to information security knowledge and advisory services.

What Advice Would You Give To Someone Trying To Break Into Cybersecurity?

Find an area within info sec which is in high demand.

How Important Are Cybersecurity Certs And Which Ones Would You Advise?

There are many. Suggest CISSP for overall acumen.


Back To The Top | Contribute

Abel Iglesias Iglesias

Abel Iglesias Iglesias

Biography

Cybersecurity Operator, IT Risk, Fraud & Security at GoNet (BBVA cert) at GoNet USA.

What Do You Do Within Cybersecurity?

I work at the BBVA CERT, monitoring the attacks against the entity.

Did You Always Want A Career In Cybersecurity Or Do You Migrate Into It?

Yes, I love the world of computer security and ethical hacking.

What Advice Would You Give To Someone Trying To Break Into Cybersecurity?

The first thing that does not despair, is a very wide world and can be complicated. But with desire and effort is taken. Otherwise, it is necessary to have a base of everything that compose the computer science, systems, programming, networks, etc.

How Important Are Cybersecurity Certs And Which Ones Would You Advise?

They are important yes, but not necessary at first. With having some more basic course you can open the doors. It is understood that a certification of that level costs too much money that not everyone can afford at first.


Back To The Top | Contribute

Rajatkumar Karmarkar

Rajatkumar Karmarkar

Biography

Rajatkumar Karmarkar is an IT-Security researcher , Along with an Web Security Analyst and vulnerability assessments, he is currently holding the position of Security Analyst at Nota Inc. in Japan. His field of intrest is Vulnerability Assessment, Penetration Testing , Security Auditing/Training, web devlopment, server mangement and Web Vulnerability Researching. He has been awarded with Hall of Fame & Rewards by Google, Microsoft, Ebay, Apple, Nokia, Paypal, AT&T, Yahoo and many more.

What Do You Do Within Cybersecurity?

Cyberaon is my stratup name and we provide services to our client and do some bug bounty.

Did You Always Want A Career In Cybersecurity Or Do You Migrate Into It?

Yes, I always want a career in it.

What Advice Would You Give To Someone Trying To Break Into Cybersecurity?

Stay updated with new exploits, methods and CVE’s.

How Important Are Cybersecurity Certs And Which Ones Would You Advise?

I found Certs didn’t help in this field.


Back To The Top | Contribute

Diego Durantes Toribio

Diego Durantes Toribio

Biography

Diego is a Manager Cybersecurity Consultant at Necsia IT Consulting.

What Do You Do Within Cybersecurity?

We address the protection of threats from the perspective of attack surfaces, for which we rely on partners with the best technologies in the market and with reference projects for large corporations.

Did You Always Want A Career In Cybersecurity Or Do You Migrate Into It?

Yes.

What Advice Would You Give To Someone Trying To Break Into Cybersecurity?

Formation and desire to learn.

How Important Are Cybersecurity Certs And Which Ones Would You Advise?

Very important, all you need in your performance, CISA, CISM, CISSP, CEH.


Back To The Top | Contribute

Saul Arias

Saul Arias

Biography

I started working as security application developer, and later I worked for 3 years as pentester. Now I’m working as eCrime and malware researcher. In addition, I always have done security projects by myself at home.

What Do You Do Within Cybersecurity?

You can read in my Linkedin profile (you can only see it if you’re my contact), where I detail it. In addition I always have done security things by myself.

Did You Always Want A Career In Cybersecurity Or Do You Migrate Into It?

I simply loved it since I was a child. First it was my hobby and now I can earn money with it, so I feel very lucky because of that.

What Advice Would You Give To Someone Trying To Break Into Cybersecurity?

Knowing computer security implies knowing the technology in deep. And this implies A LOT of hours learning, EACH day. If you love it this won’t matter to you, but if you don’t you will fail. Another important thing; the University won’t help you very much, you have to study and practice by yourself.

How Important Are Cybersecurity Certs And Which Ones Would You Advise?

Cybersecurity Certs are important if you want to be visible to non-technical people (like HHRR of companies). In my opinion, you should not search the knowledge here (CTF’s are a good choice for that). Anyway, if you want to do it I advise practical certs like OSCP or OSCE. It does not make sense for me an exam about nmap flags.


Back To The Top | Contribute

Umesh Gorakh Hande

Umesh Gorakh Hande

Biography

I have been working in Capgemini for over 2.5 years as Information Security Analyst, I have done few certification in Cybersecurity domain including CEH.

What Do You Do Within Cybersecurity?

The primary role are Security Incident Investigation / Analysis & provide solution / recommendation, Vulnerability Management and Web application Scanning, understanding of security tools like Nessus, Qualys vulnerability scanner, Wireshark. Intrusion Detection and Prevention System (HP tipping point). Reviews and analysis the alerts based on the applicability and the severity of the alert (SIEM). I do have an expert knowledge of Qualysguard, Arch sight, Tipping point. I also Work on improvements for provided security services, including the continuous enhancement of existing methodology material and supporting assets.

Did You Always Want A Career In Cybersecurity Or Do You Migrate Into It?

Yes, I always wanted to get into Cybersecuriy domain that’s why I did CEH certification when I was in my Graduation studies.

What Advice Would You Give To Someone Trying To Break Into Cybersecurity?

Try to learn at least one programming language that might be Ruby, Pythod, PHP etc. Build your own computer and security lab(Virual) using old PCs, your own wireless router with firewall, network switch, etc. Practice securing the computer and network, then try hacking it. Participate in cyber security contests and training games. e.g. Wargames. Look for vulnerabilities on open source projects and sites with bug bounties and document your work and findings. Have knowledge about OS, Network controls or devices, Protocols, Ports. Additionally how Cryptography function works etc.

How Important Are Cybersecurity Certs And Which Ones Would You Advise?

[I would recommend] OSCP, CISSP, CISM


Back To The Top | Contribute

Aaditya Purani

Aaditya Purani

Biography

Aaditya is an independent web application security researcher and penetration tester from India. I started my career in Information security at early age. I’ve been an active participant in different bug bounty programs and I have got acknowledgments by many top companies including Google | BlackBerry | Microsoft | Atlassian | HackerRank | Avast | Keen.io | ESET | Ruxit | Recorded Future | Transloadit | OWASP | Sellfy | Bitcasa | Huawei and many other companies.

I’m passionate about Cyber security. Security is a subject in cyberworld which we can’t think away anymore. Data breaches can cause millions, and millions of sensitive data to be leaked on the Internet. As a security researcher I fight against this.

I occasionally assist organisations, non-government and educational organisations with trainings and various security assessment services. I am also a Certified Ethical Hacker and also a Certified Android programming by Google workshop. I have tried and tested everything on every field, from software to hardware. I have also contributed to Cyber Hacking field by my Papers, Tools, Exploits code and also works as exploit author at Exploit-DB, Packet Storm Security, Milw00rm etc. Web Application security and Malware analysis is my area of interest.

I have also worked as Media Manager for Nishkrant Media pvt Ltd 2013 and also been awarded FB King Marketing Award 2014. I love to play chess, play cricket, football and reading a lots of books. I have worked on many projects like Battery Charger, MIPS processor, Image Processing, Hotel Management, Android App development, DBMS, Embedded Systems.

What Do You Do Within Cybersecurity?

I currently work as an Independent Cyber Security Researcher and run a crowd sourcing platform called HackerLedge which helps connect security researchers to organization and providing them cyber security solutions. I am the founder as well as lead penetration tester of HackerLedge. My work includes vulnerability assessments, Risk Analysis and Threat Mitigations. I assess the plugins, codebase as well as Network of Client’s company and mitigate the vulnerabilities. Additionally, I assess black box web applications, Mobile applications and Reverse Engineer binaries to find vulnerabilities and in result, i write exploits. During weekends, i play Capture the Flag competitions to cope up with current real world practical exploitation techniques.

Did You Always Want A Career In Cybersecurity Or Do You Migrate Into It?

I wanted to Software Developer when i started in this field before 7 years. But i soon realized that if i can build something, i can break it too. Breaking is fun when you know the fundamental blocks of building something. So, I started taking interest in learning the security aspects related to programming. I was also intrigued by jailbreaks and other hacks which motivated me to build a career in cyber security.

What Advice Would You Give To Someone Trying To Break Into Cybersecurity?

To break something, you need to know what it is build upon. For that, the first step is information gathering. In the first step of every smaller or large assessment, a researcher should know about the architecture of the system and sufficient information on what the blackbox system is built upon. After having necessary information, the next step is to identify the potentially targetable endpoints or inputs. I believe, the more inputs your application have, the higher chances to getting hacked. The third step should be testing or fuzzing & the last one should be exploiting. If everything is planned well, then success is inevitable. There is a thin line between White Hat Hacking & Black Hat Hacking, I suggest new comer researchers to first ask the organizations / clients whether they are comfortable with them pentesting their network and then proceed.

How Important Are Cybersecurity Certs And Which Ones Would You Advise?

CyberSecurity Certificates are important as they show the on-paper experience of a researcher. It looks better on resume too. I would suggest Certificates / Courses from Concise Course, ELearnSecurity and Offensive Security (OSCP, OSWP etc).


Back To The Top | Contribute

Esther George

Esther George

Biography

I am an independent cybercrime, cybersecurity and digital evidence consultant, trainer, conference speaker and author based in the UK. I am also the lead cybercrime consultant for the Global Prosecutors E-Crime Network (GPEN) which is part of the International Association of Prosecutors, an honorary researcher with the University of Lancaster and a Council of Europe cyber crime expert. I regularly speak at the Council of Europe Octopus conference.

I specialise in cybercrime, cybersecurity, data protection, intellectual property theft, international co-operation and electronic evidence. I have recently worked with the Council of Europe, the United Nations and the Commonwealth Secretariat.

I have established credibility and respect by demonstrating a depth of knowledge in complex and technical areas such as cyber crime, cyber security, digital evidence, data protection, human rights, intellectual property and international co-operation. I regularly devise training material and travel internationally training judges, prosecutors and law enforcement how to deal with cybercrime.

I am a co author of the Council of Europe Electronic Evidence Guide 2013. I am also the co author of two published papers one is “Digital Evidence and ‘Cloud’ Computing”, Computer Law & Security Review, Volume 27, Issue 5, September 2011, Pages 524–528; the other is “Obtaining Evidence from Mobile Devices and the Cloud”, Computer and Telecommunications Law Review, 2015, Volume 21, Issue 8, 245 – 252.

What Do You Do Within Cybersecurity?

I am a member of the Advisory Committee of Cyber Essentials Direct Ltd which is the company behind The Cyber Highway which a unique online portal that helps secure businesses and enterprise supply chains against the ever-increasing threat of cyber crime and attacks. We provide companies with everything they need to enable them to achieve Cyber Essentials and Cyber Essentials Plus Certification – and help manage the security of their IT infrastructure into the future. Going through The The Cyber Highway would help students understand what businesses need to do at a basic security level to protect themselves better. I was the Director Cybercrime and Prevention at 8MAN an access rights management consultancy which specialises in protecting companies from unauthorised data access. I was previously a Senior Crown Prosecutor and Senior Policy Advisor with the Crown Prosecution Service. I was the strategy and policy national cyber crime lead.

Did You Always Want A Career In Cybersecurity Or Do You Migrate Into It?

No I migrated into it. I was a prosecutor with the Crown Prosecution Service (CPS)specialising in prosecuting youth crime when I became interested in computers. I then specialised in prosecuting what was then called high tec crime but today is more commonly known as cybercrime. I then became the CPS High Tec Crime Manager and Policy Advisor. I developed and designed the CPS national high-tec crime training courses for prosecutors, as a result the CPS had over 200 high-tec crime specialists when I left in 2014.

What Advice Would You Give To Someone Trying To Break Into Cybersecurity?

Be aware that there are a number of qualifications out there at the moment which may not necessarily get you employed in the sector. Contact companies which you are interested in working with and find out what they are actually looking for / would recommend.

  • Consider joining a cyber security related association so you can network with experienced members of the industry.
  • Consider joining cybersecurity LinkedIn groups.
  • Manual Source Code Review (C,Java,PHP,JSP/Shell)
  • Consider attending Cyber Security conferences.
  • Consider going through The Cyber Highway. This would help students understand what businesses need to do at a basic security level to protect themselves better.

How Important Are Cybersecurity Certs And Which Ones Would You Advise?

Cybersecurity Certs are important, contact companies which you are interested in working with and find out what they are actually looking for / would recommend in relation to cybersecurity certs.


Back To The Top | Contribute

Samrat Das

Samrat Das

Biography

Samrat is a security researcher currently working in Deloitte India having 2.5 years experience. Familiarity with OWASP top-10 Controls/ SANS 25 / WASC / OSSTM. Hands-on experience and R&D on:

  • Web App/Mobile App/Network Penetration testing and Vulnerability Assessment
  • Thick Clients Penetration Testing and Analysis
  • Manual Source Code Review (C,Java,PHP,JSP/Shell)
  • Network Architecture Audits/ Firewall Audits
  • Social Engineering and Open Source Intelligence Analysis
  • Reverse Engineering & Malware Analysis

He is a active CTF participant in his spare time as well as being an active member in various cyber security communities having given multiple corporate trainings and workshops across Mumbai/ Pune/ Bangalore/ Kolkata locations on:

  • Penetration testing
  • Cryptography
  • Malware and Ransomware
  • Network Architecture Audits/ Firewall Audits
  • Reverse engineering and binary analysis
  • Cloud Security

What Do You Do Within Cybersecurity?

Currently working in Deloitte India- Cyber Security as Penetration Tester.

Did You Always Want A Career In Cybersecurity Or Do You Migrate Into It?

Childhood dream to break into cyber security.

What Advice Would You Give To Someone Trying To Break Into Cybersecurity?

Take the first steps to learn programming! The first and foremost tool to become a hacker. Start with Python/ C language. Then next take a grasp on basics in networking and database. Enrol in online video courses from Cybrary/ Security Tube. These helps you learn a lot. Download Vulnerable Web apps/ mobile apps into Virtual Machines and practise them with Linux OS (preferably Kali). The more hands-on, the better you grow! Learn from great hackers posts from Hacker-One and bug-crowd.

How Important Are Cybersecurity Certs And Which Ones Would You Advise?

I believe certifications are mere paper showing your ability to clear an exam. For me, learning comes from curiosity, not certs. There are few certifications which though gives you real handson practise as well as practical knowledge on Hacking and Penetration Testing ( OSCP / OSCE) as well as various SANS certifications among others.


Back To The Top | Contribute

Dhillon Kannabhiran

Dhillon Kannabhiran

Biography

Dhillon Andrew Kannabhiran (@l33tdawg on Twitter) is the Founder and Chief Executive Officer of Hack in The Box (http://www.hitb.org), organiser of the HITBSecConf series of network security conferences which has been held annually for the past decade in various countries including Malaysia, The Netherlands and the UAE.

HITBSecConf routinely brings together some of the world’s leading subject matter experts, law enforcement officials and independent researchers to discuss the next generation of attack and defense methods. Celebrating it’s 10th year anniversary in 2012, HITBSecConf is today one of the most highly anticipated, must-attend annual events for network security gurus, researchers and enthusiasts.

Prior to quitting his day job to lead the HITB team on crazy adventures around the world, Dhillon started off at the height of the dotcom craze as a technology journalist with PC World, ZDnet, MIS Asia and CNet. When the bubble burst, he moved on to a Malaysian telco as Chief IT Officer to spend his days in the world of Cisco AS5300s, in a land of packet switched networks at a time when Asterisk did not just mean ‘*’

Today, Dhillon spends his days surrounded by emails, spearheading all of HITB’s strategic efforts and driving the HITB team crazy… And for 3 months each year, he cycles as much of The Netherlands as he can.

What Do You Do Within Cybersecurity?

Founder and Chief Executive Officer at Hack In The Box.

Did You Always Want A Career In Cybersecurity Or Do You Migrate Into It?

I’ve been ‘in’ computers and security since I was in my teens.

What Advice Would You Give To Someone Trying To Break Into Cybersecurity?

Pick a research area that interests you (reverse engineering, exploitation, application security, malware) and learn everything you can about it .

How Important Are Cybersecurity Certs And Which Ones Would You Advise?

Certs can’t replace real world knowledge – start a pet project and document your work / share it as far and as wide as you can. Participate in forum discussions, join conversations on Twitter. Share more. That would be far better than collecting ‘certs’ just to pad your resume. If you can’t prove you know what you say you do in the real world, all you have is a piece of paper.


Back To The Top | Contribute

Saif Ali

Saif Ali

Biography

This is one of those questions where I wonder what should I say, anyhow I think and believe that I’m a doer. And I constantly try to break stuff in curiosity and then make them from scratch again but in a better way than before to see and understand how they work.

What Do You Do Within Cybersecurity?

Primarily Web App Security, Wireless Network Security, Cryptography and Pentesting.

Did You Always Want A Career In Cybersecurity Or Do You Migrate Into It?

I would say that I always wanted to get into Cybersecurity. This all started 8 years ago when I accidentally landed on an O’Reilly boon on Wi-Fi hacking. Since then I’ve always been fascinated with Information Security in general.

What Advice Would You Give To Someone Trying To Break Into Cybersecurity?

Well this is a kicker. If you are trying to break in just for fun while harming someone or some entity or organization, I wouldn’t support that and I would advice you rather do it with their permission (permission to break in here means you found a loophole and now you are just seeing how far can this escalate without harming the system’s integrity and how to come up with a patch eventually). This way would earn you respect and experience and even $$ in most cases, so it’s a win-win situation.

If you are one of those Black Hats, I suggest you to slowly put on new White Fedora, it’s about time you did that.

How Important Are Cybersecurity Certs And Which Ones Would You Advise?

Certs are important yes but if you really are an expert you should also have endorsements. Doesn’t matter from Fortune500 or from the Flower shop down the block. Endorsements are more powerful in my world, they reflect your practical experience.

Cert Authorities wouldn’t want you to fail and give them a bad repu so they’ll let you pass eventually.

Recommended certs? OffSec is pretty cool, I’ve been following them (Mati)closely since Vista.


Back To The Top | Contribute

Jiehong Liu

Jiehong Liu

Biography

A decade of hacker research experience. As a security researcher and my research field includes but not limited to Advanced Web penetration testing,wireless security, Covert communication, Malware analysis, Intranet penetration testing, AV evade, fuzzing, Honeypot escape.etc. and sometime I translate some technical articles on some forums or blogs, Over the past decade self-study times is the best gift which the God give me. I believe you are your own best mentor,and I persist, therefore I am.

What Do You Do Within Cybersecurity?

My job is protect China (Guangzhou) government network security against hackers suffering from various network attacks. Previous employers was Systex, a Taiwan company, secure operation and maintenance the China Mobile (China’s biggest ISP) in Guangdong.

Did You Always Want A Career In Cybersecurity Or Do You Migrate Into It?

Cyber Security is my hobby, when I read junior high school in China. I remember that time I read the hacker magazine in the class, and then I was found by the department director, the results was class teacher and my father, my mother even my aunt scolded me. It seems that every hacker has an unknown secret.

What Advice Would You Give To Someone Trying To Break Into Cybersecurity?

Yeah, Cyber Security is become more and more complicated. In my junior high school hoodtime, many people use hacker tools can hacks anyone computers, but nowadays, various new technologies (IoT & AI)and the emergence of new attack vectors,this is Challenges and opportunities for all the industry not just cyber security. So keep learning is the right way,and finding the right way to learn is another right way and stay hungry, stay foolish.

How Important Are Cybersecurity Certs And Which Ones Would You Advise?

Certainly, certs are important for all industries (not just cyber security) and you know Zuckerberg is the special one but you are not Zuckerberg. Unless you have well-connected people in this industry, you have enough influence, otherwise the certificate is an important stepping stone for you.


Back To The Top | Contribute

Jerome Galerne

Jerome Galerne

Biography

Jerome if the founder of Cadran7. After an Executive MBA (ESCP Europe), Jerome decided to create Cadran7, a consulting and investment firm on digital strategy, transformation and trust. With an approach focused on usages and people, he’s advising startups and companies on strategy and execution, helping them to get involved at the heart of the digital transformation taking into account their core business, values ​​and culture. He is also involved in business takeovers and startups funding.

What Do You Do Within Cybersecurity?

I’ve been CISO for an international retail group for 5 years (2004 – 2009) Splitting my time between consulting and startup development, I deliver cybersecurity training focused on strategic and business alignment.

Did You Always Want A Career In Cybersecurity Or Do You Migrate Into It?

Starting from a network engineering position, I quickly took over more managerial activities. From Network and Telecom international manager, I had the opportunity to move to a CISO position, firt at a BU level and then at corporate level.

Then I had the choice to deepen my cybersec expertise (joining a national agency) or to become a more global manager. I decided the second option pursuing an Executive MBA at ESCP Europe and launching my own consulting firm. However, I keep some interest in the cybersecurity field, especially from a strategic perspective.

What Advice Would You Give To Someone Trying To Break Into Cybersecurity?

Like any indutry, cybersecurity offers a large panel of jobs and personal development oppportunities. Identify your strenghts, your career objective and know in which field where you can perform the most: technical, marketing, sales, management, consulting. Whatever your field of expertise, cybersecurity is moving fast and is demanding. It requires to continuously learn and keep pace with changing situational needs. Last but not least, do not forget the “why” (not only the “what” and “how”). It’s a current trap I often see with people getting enclosed in their high-expertise and loosing the sense of purpose.

How Important Are Cybersecurity Certs And Which Ones Would You Advise?

It’s the “reactive” part of the cybersecurity which has to be efficient, processed and regularly tested. No particular Cert to recommand (depends on specific needs).


Back To The Top | Contribute

Hasan Alqawzai

Hasan Alqawzai

Biography

Hasan is an Information Security Specialist at Innovative Solutions SA

What Do You Do Within Cybersecurity?

Penetration Testing, vulnerability assessment, Web application,Network Android and IOS penetration testing.

Did You Always Want A Career In Cybersecurity Or Do You Migrate Into It?

Yes, I want always career in cybersecurity because I love my job and I always looking for new challenge.

What Advice Would You Give To Someone Trying To Break Into Cybersecurity?

Read basic network or CCNA, Security+, Basic Linux, CEH.

How Important Are Cybersecurity Certs And Which Ones Would You Advise?

It’s very important to anyone joining to cybersecurity and I recommend people attending Security+, OSCP, CEH, SANS course like GPEN.


Back To The Top | Contribute

Deepak Kumar Nath

Deepak Kumar Nath

Biography

I am an Information security enthuaist with a keen and security centric devotion to Web Application Security and provides individual security consultancy along with 5 years of experience in my professional information security career. my primary focus mentioned in the following:

  • Application Security Research
  • Information Security Governance Industry
  • Penetration Testing and Vulnerability Assessments
  • Security Compliances

Apart from Penetration Testing, Vulnerability Assessments and information security research, I am currently focused on developing adaptive red teaming methodology, defining risk management for his clients and modeling threat agents and accessing the threats for the Enterprise.

I started a Leading Cyber Security Company, Global Tech Promoters in 2013 and now we have many clients with suitable platforms to achieve something great; we now have 110+ Clients, 20+ Associated Partners and have trained 12,000 students.

As an Ethical Hacker-cum-information security researcher with more than 5 years of experience; I have received many acknowledgements and bug bounties by discovering serious security flaws in websites such as Facebook, Microsoft, Blackberry, Sony, Mastercard, AT&T, Fiat, Sellfy, Bitcasa, Inflectra, Get Pocket, Apptentive and many more Companies. Apart from expanded projects, I have been actively involved in training and contributing contents on web application security.

My research interests include Ethical Hacking & Cyber Security, Penetration Testing, Vulnerability Assessment, Network Security, Data Forensic, Information Security, Cryptography and Exploit Development etc.

What Do You Do Within Cybersecurity?

I am basically a Cyber Security Expert-cum-Entrepreneur. I started my own company, Global Tech Promoters in 2013, with IT enabled Services & Cyber Security Services. Alongside that we are providing training on ethical hacking & cyber security training in India and Working on Innovative Cyber Security Projects.

Did You Always Want A Career In Cybersecurity Or Do You Migrate Into It?

I choose this platform from my 10th class of Study. My journey was one of the biggest story of my life. Without support, no technical background, & with many struggles from one non-technical student to this position, was unbelievable. I started all by listening one of my friend’s imagination. So that from the first I had the interest to be the ethical hacker from odisha. With my interest, discussions, coordination of many hacker friends i learned something. tried to do something big. and I founded my own company when i was just 18 years old. Now I am 23 but and had 5 years of jounrney, but still working for big.

Joined B.Tech in EEE Branch, never attended any courses, no teachers, but after all i can able to get the hall of fame & rewards from Facebook, Microsoft, Blackberry, Sony & many more when i was there in my 3rd year. working on real time corporate clients, joined some of companies without graduation was one of my biggest achivements, through which I got the courage to work more.

With the Flow of time, I learned something. Still learning every second.

What Advice Would You Give To Someone Trying To Break Into Cybersecurity?

Just Go with your passion, Be Updated with latest technology, exploits, methods, research with your innovation, checking out POCs of others will make your process to break anything easier.

How Important Are Cybersecurity Certs And Which Ones Would You Advise?

I never believe in Certification, If you are the pro ethical hacker, then you can hack the university to get the certificates. Just kidding.

But yes, in corporations, all are asking about certificates like CEH, OSCP, CISSP. I have started to provide the course Certified Global Ethical Hacker” from my Company but students are getting placed in different companies.

So learn from your heart, go with your passion, then you can achieve all, what we want. If Certifications will be there, then it will be one more point to add.

I advise everyone to learn based on your interests, from best expert as they can know the reality and can able to work. then if they want then enroll for CEH, crack the exam & get the certifications. but yes OSCP is quite good. All security researcher should try for this. For all beginners, they can choose my course, CGEH by GTP for initiating their career.


Back To The Top | Contribute

Renzon Cruz

Renzon Cruz

Biography

I’ve been working in Cyber Security field for 5 years now and I was able to work as Security Analyst, Security Engineer, Lead Incident Response, and currently working as a SOC Analyst in one of the leading global law firms. I’m also teaching college students under College of Computer Studies with focus on Information Assurance and Security as my part time job and also my way to practice and enhance my skills. I’ve also worked with the leading security vendors worldwide for project implementation such as Symantec, IBM, Carbon Black, Tanium, Crowdstrike, Cisco, LogRythm, to name a few. I’ve also involved in different IT projects that focus more on security and been appointed as technical resource for different security compliance such as ISO 27001 and PCI-DSS.

What Do You Do Within Cybersecurity?

On a daily basis, I always check different websites and blogs to ensure that I am updated on the latest threat landscape. I usually spend my whole 30mins by just reading infosec news first thing in the morning. I also check if there’s a new vulnerabilities from the wild that I should know in order to act proactively and to ensure that we are safe from the new bugs out there. Threat monitoring, checking every endpoint security status, monitoring our SIEM logs correlation if there’s a hit, malware hunting using our advanced persistent threat console and our cutting edge application white listing tool are my daily tasks. During weekends, I usually make a timeline of career advancement by reading, watching video tutorials that I purchased online, Open University learning and creating a lesson plan for my students. I also practice penetration testing using my own laboratory at home by performing exploits, vulnerability scanning, and conducting security research regarding web application security (OWASP methodology). I am also a fan of watching videos coming from different cons such as BlackHat, DEFCON, Derbycon, etc. and listening to a podcast session mainly by Paul Security Weekly.

Did You Always Want A Career In Cybersecurity Or Do You Migrate Into It?

I’m in this field by accident. During my college days, I was dreaming of being in a game development industry someday because of my addiction to some computer and video games. I practiced my multimedia skills when I was in highschool in preparation of designing my own game in the future. Suddenly, my career started to shift when I got my first job as an Information Security. From there, I got to involved into one part of security domain which is Access Management and got curious about how does security works from enterprise perspective. Because of my curiosity, I watched youtube videos almost everyday and I learned the different hacking groups such as anonymous and lulzsec and conducted a deep dive research about their cause and initiatives. I would consider that time as my turning point and I decided to turn this curiosity into a career. I got a job from IBM after being in infosec IAM field for 2 years and when I was with big blue, I encountered several cyber attacks and I was forced to execute strategies and techniques to defend our client’s network. That’s how I started to have a career in Cyber Security.

What Advice Would You Give To Someone Trying To Break Into Cybersecurity?

Stay curious. Learn to master logic and critical thinking. Cyber Security is an endless learning and you should learn everyday. Master the basic and fundamentals starting from Operating system, basic networking stuff, basic programming techniques and analogy, web programming and some basic database command and queries. That would help you to understand how computer works from different perspective and it would be essential to learn security with this strong basic knowledge. In our current IoT (Internet of things) set up, cyber security is a fast pace module where in everybody is involve and everybody can be a target. Also consider to expand your network, attend conferences nearby, do not hesitate to ask questions from the experts and try to get a mentor. I always use this quote whenever I want to clarify something: “When in doubt, just ask.

How Important Are Cybersecurity Certs And Which Ones Would You Advise?

It could be beneficial because having a certifications makes you stand out from the crowd. I’m a fan of SANS institute but also expanding my sights to other vendor such as ISC2 and EC-Council. I am actually targeting at least 2 certs a year to have atleast an output and paper based evidence of what I know from this indemand career. I would say, this can be treated as a “gate pass” to a more exciting roles and responsibilities worldwide. But this should not be the basis of management, certs are good to have but experience and your desire to learn is more attractive to the technical people who knows who should they hire.


Back To The Top | Contribute

Raju Patil

Raju Patil

Biography

Raju is Enthusiast, Quick learner and Passionate about Information Security. He is skilled in various activities of Infosec like, Web Application Penetration Testing, Mobile Application Penetration Testing for Android & iOS, Web Services Testing, Business Logical Vulnerability, Mitigation of Web & Mobile Application Vulnerabilities, Vulnerability Assessment, Network Penetration Testing, Configuration Audit. As a Security researcher, he performed multiple Web Application Penetration Testing, Network Penetration Testing, Vulnerability Assessment, Mobile Application Penetration Testing and also continue participating in Bug Hunting programs.

What Do You Do Within Cybersecurity?

Web Application Penetration Testing, Vulnerability Assessment, Mobile Application Penetration Testing etc.

Did You Always Want A Career In Cybersecurity Or Do You Migrate Into It?

Yes.

What Advice Would You Give To Someone Trying To Break Into Cybersecurity?

Do some certifications.

How Important Are Cybersecurity Certs And Which Ones Would You Advise?

If someone wants to come into Cyber Security at least they must have one certificate like CEH.


Back To The Top | Contribute

Francois Gratiolet

Francois Gratiolet

Biography

Francois Gratiolet is the founder and Managing Partner of BUSINESS DIGITAL SECURITY, a strategy and marketing consultancy that focuses on the fields of digital and cybersecurity.

François has a deep experience and detailed knowledge of the market of cybersecurity, data protection and digital trust.

François is a graduate of the Executive MBA from ESCP Europe (2011) and holds a master’s degree at Telecom ParisTech (1999). He is certified ISACA CISM, CISA and ISO 27005 Risk Manager. He is a member of the IFA (French Institute of Directors) and the Telecom ParisTech cybersecurity Group. He is an advisor for CEIS.

His mindset is “Thinker and doer”. He is loyal, results oriented, team spirit, committed to excellence, curious, lively, enthusiastic and energetic.

Contributing to the digital society development and bringing out new disruptive and secure services to customers is a personal motivation. Business, technology, legal and social stakes are tremendous.

What Do You Do Within Cybersecurity?

Strategy and marketing advisory for cybersecurity.

Did You Always Want A Career In Cybersecurity Or Do You Migrate Into It?

I embraced cybersecurity since the start of my pro career.

What Advice Would You Give To Someone Trying To Break Into Cybersecurity?

Think about the value you can bring (IT, networks, business, communication skills…)

How Important Are Cybersecurity Certs And Which Ones Would You Advise?

Mandatory but not sufficient.

I recommend CISSP, CISA, CISM and also a business school diploma.


Back To The Top | Contribute