$30 off During Our Annual Pro Sale. View Details »

IWCon2022: Biologist to Security consultant

Anugrah SR
October 17, 2022
Research
0
73

IWCon2022: Biologist to Security consultant

Video: https://www.youtube.com/watch?v=Nn2PNouH-Z8

Anugrah SR

October 17, 2022
Tweet

More Decks by Anugrah SR

See All by Anugrah SR
ChatGPT for Hacking
anugrahsr
2
5.8k
Pentesting Password Reset Functionality
anugrahsr
0
1.1k
Hacking 101
anugrahsr
0
830
Playing With Password Reset Functionality
anugrahsr
2
4.8k

Other Decks in Research

See All in Research
Contextual and Nonstationary Multi-armed Bandits Using the Linear Gaussian State Space Model for the Meta-Recommender System
monochromegane
1
220
Data-to-Text Datasetまとめ ― Summary of Data-to-Text Datasets ―
akihikowatanabe
0
160
何でも微分する
joisino
38
35k
Byzantine fault tolerance for peer-to-peer collaboration
ept
0
140
Active Retrieval Augmented Generation
kiyohiro8
3
260
V&V of Systems Engineering Models and Modeling Languages
ftsrg
0
180
微分可能レンダラのつくりかた ~理論からVulkan実装まで~
hsato
0
200
行動変容 自分と世界を変える技術 / Behavior change techniques
dmattsun
28
16k
RSJ2023「基盤モデルの実ロボット応用」チュートリアル1(既存の基盤モデルを実ロボットに応用する方法)
haraduka
2
890
Elix, CBI 2023, フォーカストセッション, 生成モデルを中心としたElixにおけるAI創薬
elix
0
130
SNLP2023: When and Why Vision-Language Models Behave like Bags-Of-Words, and What to Do About It?
muraoka7
0
150
[CVPR2023 論文紹介] InternImage: Exploring Large-Scale Vision Foundation Models with Deformable Convolutions
yuukicammy
0
260

Featured

See All Featured
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
113
17k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
152
14k
4 Signs Your Business is Dying
shpigford
172
21k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
123
31k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
351
28k
What's new in Ruby 2.0
geeforr
336
30k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
500
140k
Infographics Made Easy
chrislema
236
17k
StorybookのUI Testing Handbookを読んだ
zakiyama
9
4.1k
Happy Clients
brianwarren
91
6.1k
Scaling GitHub
holman
455
140k
Building Better People: How to give real-time feedback that sticks.
wjessup
349
18k

Transcript

  1. Biol
    Biologist to Security
    ogist to Security
    consultant
    consultant
    My Infosec Journey

    View Slide

  2. Motivation Learning
    Journey Community
    Agenda
    Topics Covered
    Getting my first internship and job

    View Slide

  3. Security Consultant @The SecOps Group
    Synack Red Team member
    Passive bugbounty Hunter
    Twitter: @cyph3r_asr
    LinkedIn: anugrah-sr
    Web: anugrahsr.in
    Blog: p1boom.com

    View Slide

  4. How did I got into cybersecurity
    after graduating masters in biology?
    I am from a non-tech
    background. I want to do get
    into cybersec, can you help me?
    What are things I need to learn?

    View Slide

  5. Motivation

    View Slide

  6. My Journey
    2015
    Joined IISER Bhopal Life Science as major
    Computational Biology
    Evolutionary Genomics

    View Slide

  7. Age of Defacers

    View Slide

  8. Googled it!
    How do they
    do it?
    SQL Injection!
    Cross Site Scripting(XSS)
    File Upload: RCE

    View Slide

  9. COVID-19 Change in plans

    View Slide

  10. Thesis
    online
    Placement
    Cancelled
    What's Next
    No Idea!

    View Slide

  11. Plan of Action
    Apply for PhD
    Because a Dr Infront of
    name would look cool
    Data Scientist
    Because it was the
    hottest job of the century
    Hacker
    But where to start? Is it
    possible
    Asst. Professor
    I had my NET exam cleared

    View Slide

  12. #100daystolearnandimprove
    Hacking, Sharing resource and many
    more.
    Intern at OpenVirus
    aggregation of scholarly publications
    and extracted knowledge on viruses
    and epidemics.
    Into the
    Infosec
    twitter-
    verse

    View Slide

  13. My First Report SPF!

    View Slide

  14. 100days of
    hacking!
    Read a blog/writeup daily
    Hack on Bugbounty programs
    Solve a lab/room/box

    View Slide

  15. Resources
    Infosec Twitter
    Bugbounty Tips
    Direct access to experts
    Giveaways
    Youtube
    Stok
    Nahamsec
    InsiderPhD
    ...
    Labs
    Tryhackme
    Hackthebox
    WebSec Acadamy
    Pentesterlab
    hacker101 ctf
    Blogs
    Medium! Special shoutout to
    Infosec Write-ups
    Pentesterland
    Hackerone disclosed Reports

    View Slide

  16. What I learnt
    after 100days?
    Learn to google
    Learn to ask the right question.
    Don't expect someone will spoon feed
    you, You have to do your work.
    Engage with the community, gather
    people around you having the same
    mindset.
    Network as much as you can.
    Give back to the community.
    Persistence is the key.
    There is no overnight success.
    I got my first bounty after 3months
    Become part of top1000 rank in bugcrowd
    Became Confident with WAPT

    View Slide

  17. "To follow the path:
    Look to the master.
    Follow the master.
    Walk with the master.
    See through the master.
    Become the master."
    - Zen Proverb

    View Slide

  18. Started Applying for Internships.
    I don't have CEH/OSCP or any cert or relevant Degree.
    What's Next?

    View Slide

  19. Securing my
    first Infosec
    Internship!
    Solve the CTF to get hired!
    Application testing, client
    meetings, report writing and more.

    View Slide

  20. Internship/Job Hunting?
    Skills
    Up skill yourself
    Portfolio
    Make a strong portfolio for
    yourself. Be a contributor,
    curator or a builder.
    Apply
    Raw Application or
    Referral
    Good Resume/CV
    The ultimate aim in this
    competitive field is that you
    need to stand out in the crowd
    https://www.p1boom.com/2022/01/how-to-find-your-first-cyber-security-internship.html.html

    View Slide

  21. Cyber Security Analyst
    ISMS-VAPT
    Full Time
    Job
    Security Consultant
    Penetration Tests on Web
    Applications, APIs, Mobile
    Applications and Internal & External
    Networks

    View Slide

  22. "There is no way to know if this is the right
    decision or not, but it's better than living a life
    asking what if I had taken that decision."

    View Slide

  23. You lose nothing by
    sending a “Hi”, but can
    gain much more.


    YES NO
    Twitter: @cyph3r_asr
    LinkedIn: anugrah-sr
    Web: www.anugrahsr.in

    View Slide