We Ask InfoSec Professionals How They Started Their Career And How They Became A Cybersecurity Consultant


These interviews are designed to help you because you'll learn exactly how these professionals started their careers in Cybersecurity.


Chintan Gurjar

Chintan's LinkedIn Profile/ Personal Bio

Chintan Gurjar is information security analyst with 3 years of experience in carrying out security assessment projects for clients in different such as financial sector, product based companies, consulting firms, E-Commerce firms. An infosec enthusiastic whose qualifications includes a Master’s degree in computer security & forensics from London. He has an experience of working on various ares of security projects such as web & mobile application security, network security assessment, infrastructure hardening, malware identification & analysis, infrastructure audit and review.

Can you tell us a little about your role and what is required when working as a Security Consultant, i.e. a typical day or project?
It purely depends on company and client what they want from us. Speaking generally, its technical testing + good report writing skills. Lets assume, you are an awesome penetration tester and found super cool vulnerabilities in client's environment. What if you don't have report writing skills and you can't really explain exploitation scenario to the client via your report. It is worth less. Hence, to become a good consultant, you must have technical and documentation skills. My typical day task includes web, network or mobile application penetration testing. After test I have to write quality report with good explanation skills. Also I need to manage my juniors and help them in testing or with report review.

Can you tell us about your career path to becoming a Security Consultant? What roles did you work in before and have you always worked in Cybersecurity?
I started my career by pursing master's degree in cyber security from University of Bedfordshire. Since then I was actively involved in carrying Penetration Testing projects. Post study I got a job in India and my role was to audit web and mobile application security. I changed job after few years and new role required me to carry Information security maturity assessment which includes auditing of people, process and technology for any big/small enterprise. Thus how by changing company to company I was dragged into pure cybersecurity field.

What's the number #1 bit of advice you could give to someone just starting their career in Cybersecurity?
You must have analytical and logical skills. How to determine bad and good? How to choose a good company. Whom to trust and whom not to etc...After some point of time in our field, it is must to have self-learning skills as no one will be mentoring you for your whole life. You read, you create environment, you test, you write blog this is simple approach for learning new things. Give priority to your search. First find youtube videos, if you can't then go for google and find any website link, article if not then find that in darkweb, torrent or deepweb (only if torrent is legal in your country). If you follow this approach you will be a good Penetration Tester after 1/2 years.



Shubham Mittal

Shubham's LinkedIn Profile/ Personal Bio

Shubham is a the Author of DataSploit (Automated Open Source Intelligence) presented @ Blackhat Arsenal US 2016, EU 2016 and Defcon 24. He's a trainer for 'Attack Monitoring using ELK Stack' at Nullcon Goa 2016 and a co-trainer for Advance infrastructure Hacking class at BlackHat Security Conference.

Can you tell us a little about your role and what is required when working as a Security Consultant, i.e. a typical day or project?
Perform pentests on Network Infra / Mobile Apps / Web Apps. Could be over a VPN, through a SSH of direct. While we focus more on manual tests, a little side scanners are preferred for coverage.

Can you tell us about your career path to becoming a Security Consultant? What roles did you work in before and have you always worked in Cybersecurity?
Started as an InfoSec Trainer, then became a Pentester and after that I went into Product Security (defensive security) and then back again into Security Consultancy.

What's the number #1 bit of advice you could give to someone just starting their career in Cybersecurity?
Instead of going for classes, look for finding solutions on your own through resources available online. Read blogs, keep an eye on Security trends on twitter, follow security channels like reddit(netsec), news.ycombinator, and also if possible join a local security meetup chapter to keep yourself motivated and networking.



Akansha Kesharwani

Akansha's LinkedIn Profile/ Personal Bio

Akansha is a Security Consultant at Payatu Technologies Pvt. Ltd.

Can you tell us a little about your role and what is required when working as a Security Consultant, i.e. a typical day or project?
Vulnerability Assessment and Penetration Testing of Web and mobile applications, Network Security Assessment.

Can you tell us about your career path to becoming a Security Consultant? What roles did you work in before and have you always worked in Cybersecurity?
It was part of my career plan. I .was interested in this career from my college days so tried to dig and study from the internet and landed up having good job in the industry.

What's the number #1 bit of advice you could give to someone just starting their career in Cybersecurity?
Basics should be clear: if the person is not having there basics well placed then its a bit difficult to clear the interview process.



Ignacio Sorribas

Ignacio's LinkedIn Profile/ Personal Bio

Ignacio is a Security Consultant at NCC Group.

Can you tell us a little about your role and what is required when working as a Security Consultant, i.e. a typical day or project?
I am a technical security consultant. On my day to day job I need knowledge about the technologies I am testing and resources to learn more about them.

Can you tell us about your career path to becoming a Security Consultant? What roles did you work in before and have you always worked in Cybersecurity?
I started working on my own and taking training courses on different IT areas as well as security certifications like OSCP. Then I start writing a blog focused on security and going to security conferences to know and socialize with people on the security scene. That allowed me to go a security company based in Barcelona, and from there to my current company based in UK.

What's the number #1 bit of advice you could give to someone just starting their career in Cybersecurity?
Today there's plenty of information about cybersecurity on the Internet. My advice is to read as much as you can and to take specialized training courses. Some of them are really expensive, but if you have the lucky to get a job on cyber security after that, then it's worth it. Other recommendable path is to join the graduate program that some companies in UK are offering.