
IWCon2022: Biologist to Security consultant

Anugrah SR
October 17, 2022


Transcript

  1. Biologist to Security consultant
    My Infosec Journey


  2. Agenda
    Topics Covered
    Motivation
    Learning
    Journey
    Community
    Getting my first internship and job


  3. Security Consultant @The SecOps Group
    Synack Red Team member
    Passive bugbounty Hunter
    Twitter: @cyph3r_asr
    LinkedIn: anugrah-sr
    Web: anugrahsr.in
    Blog: p1boom.com


  4. How did I get into cybersecurity
    after graduating with a master's in biology?
    I am from a non-tech
    background. I want to get
    into cybersec, can you help me?
    What are the things I need to learn?


  5. Motivation


  6. My Journey
    2015
    Joined IISER Bhopal Life Science as major
    Computational Biology
    Evolutionary Genomics


  7. Age of Defacers


  8. Googled it!
    How do they
    do it?
    SQL Injection!
    Cross Site Scripting(XSS)
    File Upload: RCE


  9. COVID-19 Change in plans


  10. Thesis
    online
    Placement
    Cancelled
    What's Next
    No Idea!


  11. Plan of Action
    Apply for PhD
    Because a Dr in front of
    name would look cool
    Data Scientist
    Because it was the
    hottest job of the century
    Hacker
    But where to start? Is it
    possible?
    Asst. Professor
    I had my NET exam cleared


  12. #100daystolearnandimprove
    Hacking, Sharing resource and many
    more.
    Intern at OpenVirus
    aggregation of scholarly publications
    and extracted knowledge on viruses
    and epidemics.
    Into the Infosec twitterverse


  13. My First Report SPF!


  14. 100days of
    hacking!
    Read a blog/writeup daily
    Hack on Bugbounty programs
    Solve a lab/room/box


  15. Resources
    Infosec Twitter
    Bugbounty Tips
    Direct access to experts
    Giveaways
    Youtube
    Stok
    Nahamsec
    InsiderPhD
    ...
    Labs
    Tryhackme
    Hackthebox
    WebSec Academy
    Pentesterlab
    hacker101 ctf
    Blogs
    Medium! Special shoutout to
    Infosec Write-ups
    Pentesterland
    Hackerone disclosed Reports


  16. What I learnt
    after 100days?
    Learn to google
    Learn to ask the right question.
    Don't expect someone will spoon feed
    you, You have to do your work.
    Engage with the community, gather
    people around you having the same
    mindset.
    Network as much as you can.
    Give back to the community.
    Persistence is the key.
    There is no overnight success.
    I got my first bounty after 3 months
    Became part of top 1000 rank in Bugcrowd
    Became Confident with WAPT


  17. "To follow the path:
    Look to the master.
    Follow the master.
    Walk with the master.
    See through the master.
    Become the master."
    - Zen Proverb


  18. Started Applying for Internships.
    I don't have CEH/OSCP or any cert or relevant Degree.
    What's Next?


  19. Securing my
    first Infosec
    Internship!
    Solve the CTF to get hired!
    Application testing, client
    meetings, report writing and more.


  20. Internship/Job Hunting?
    Skills
    Up skill yourself
    Portfolio
    Make a strong portfolio for
    yourself. Be a contributor,
    curator or a builder.
    Apply
    Raw Application or
    Referral
    Good Resume/CV
    The ultimate aim in this
    competitive field is that you
    need to stand out in the crowd
    https://www.p1boom.com/2022/01/how-to-find-your-first-cyber-security-internship.html.html


  21. Cyber Security Analyst
    ISMS-VAPT
    Full Time
    Job
    Security Consultant
    Penetration Tests on Web
    Applications, APIs, Mobile
    Applications and Internal & External
    Networks


  22. "There is no way to know if this is the right
    decision or not, but it's better than living a life
    asking what if I had taken that decision."


  23. You lose nothing by
    sending a “Hi”, but can
    gain much more.


    YES NO
    Twitter: @cyph3r_asr
    LinkedIn: anugrah-sr
    Web: www.anugrahsr.in
