It has been an amazing 1 year journey for me at Appsecco and I want to share my experience of my decision to start my journey of working as a Security Analyst here.
As a child, I remember always being interested in computers. One of the first memories I have is using IRCs when I was in Grade 5. Computers have always been a part of my life, it formed a passion that would later drive me to pursue software engineering.
I first started enjoying front end web development. By the end of my Bachelors, I liked programming PHP for backend.
Of course, when you are studying software engineering, security is an interesting topic.
Over the years, I was always interested in hacking into various things for fun — web applications and WiFi networks. I enjoyed hacking as a hobby and had never really given a thought of exploring this career full time.
Gradually, I began enjoying coding. and was all set up for a career as a full stack engineer.
After graduation I decided to put an end to this dilemma of pursuing hacking as a career or as hobby. After quite a thought, it struck me to pursue it sooner. I would use my programming skills as an advantage to becoming a better Pentester.
Over the next one year I took up a few Infosec certifications, got a handful of head start experience through bug bounty and a part-time role as an offensive security tool developer for a startup.
Finally, after a year full of preparation, with my newly gained knowledge, I decided to give it a go to become a Full-Time Pentester.
I started reaching out to the community if they were aware of any job openings in their organisation or any other organisation for the “security analyst” role. I heard back from a couple of them but they weren’t quite satisfying.
You only live once, but if you do it right, once is enough.
The very next email I got was from Bharath regarding a potential job opportunity at Appsecco. The email was timed perfectly, just like a dream opportunity knocking at my door.
As part of my bug bounty journey, I had a habit of reading blog posts and research articles from well known Infosec teams. Appsecco was a heavenly resource. This was a dream team, a great opportunity for me to join a team of super-motivated, smart, competent and talented people as a complete beginner. I was way too stoked and couldn’t believe this was happening to me.
With no doubt, I went forward and had a technical interview scheduled with Bharath.
The interview went smoothly and was mainly around core concepts of web application security.
Over the coming one week, I was kept well updated on the next steps and then finally I had a call with Akash. I was quite nervous but the interview was more like a friendly managerial interview. Akash then reached out to me asking to revert as to why I was interested to work at Appsecco.
After a heartfelt email, I received an offer and was looking forward to join the team.
In October 2020, I finally joined Appsecco as a full time Security Analyst.
COVID-19 was still a looming threat and working remote was the only option.
Personally, I had missed working with an on-premise team since my last internship which was a year back but my journey here never made me feel any different.
The onboarding was smooth. The internal training and documentation was all setup, well organised and ready to be consumed. All thanks to Bharath, Riyaz, Akash and the rest of the team for having a well structured, ready to consume training material.
In no time, I picked up the Appsecco way of doing assessments. In the team, everyone is helpful and supportive. Whenever I had any queries, we would get on a call and resolve it.
In the first three months, through internal training programs and shadow assessments, I brushed up my knowledge on
Gradually, with guidance from the team, I have learnt to perform great pentesting and deliver quality reports.
With the Appsecco methodology in place, I have been able to perform quality security testing for web applications and cloud infrastructure for a variety of clients and in the process, find some amazing vulnerabilities.
With every new project, for an interesting finding, I would always take the guidance of Bharath and Riyaz to take the vulnerability a step further and share the learnings with the rest of the team. Pankaj and Kavisha were always available to help me overcome any challenges I faced during assessments. Brainstorming with the team helps us find creative vulnerabilities. We also have a treasure trove of quality findings we re-use appropriately across assessments.
I am also thankful to the company extending support to skill up in cloud security and having us pursue cloud security certifications. In June with the extended help of the management and collaborative preparation effort with the team, I earned the AWS Certified Security — Specialty credential.
Lunch meetings are amazing. I have rarely missed lunch meetings as this is a single call that happens once a week. This is the time where everyone comes together on a zoom call where we all eat lunch over an enjoyable conversation. We even play Skribbl. We even had a Skribbl League where points for each game gets added up for the yearly Skribbl Championship.
Appsecco has been very thoughtful about the COVID 19 pandemic. Since the beginning of the pandemic, first Fridays of the month is a COVID holiday. Last Fridays of the month are Fun Fridays and all other Fridays are learning activities — we have a hackathon where everyone works on learning a new topic. The Security Team also discusses quality reads from various blogs and brainstorms on the same.
We all have been working from home from more than a year now. Looking back at how a year went by, all of these activities have helped bring the team together, stay connected, optimistic, positive and maintain a healthy work-life balance.
Akash is a really great mentor. He has put a lot of effort in making sure that all of us stay connected despite being separated miles away due to COVID. He is an inspiring leader. His timely meetings have helped us be prepared to fight the adversities and worries well in advance during the different phases of the COVID-19 pandemic. His newsletters have helped me remain mindful, improve my self-esteem and be productive during these challenging times.
Akash was my top competitor alongside Ayush for the Skribbl League
Bharath is a great listener. He speaks less but his ability to listen, understand and answer a query by being calm and attentive is what makes him the best. He has helped me beautify my bad report writing skills that I had picked up during my apprentice stages as a bug bounty hunter. Because of his guidance, now I can convey vulnerability findings on a pentest report in an easy to understand, organised and technically detailed manner.
We share a common hobby of hiking and taking nature escapes. We haven’t met each other in person yet but I plan on going on a nature trip with Bharath soon.
Riyaz is a cool and funny hacker. He lightens up everyone's mood with a specially crafted joke that he comes up impromptu for any given scenario. His character is a blend of Gilfoyle and Dinesh from Silcon Valley.
Not only is he super fun but at the same time he is super hard working and experienced.
He is very innovative when it comes to exploiting bugs and help them reach the next level. With any interesting finding I have come across and have approached him, Riyaz has helped me visualise and deliver creative exploit chains to show impact. Over time this has improved how I look to abuse an application feature to craft a vulnerability.
Riyaz is our in house quiz master and stand up comedian during Fun Fridays.
Gwilym and Akash — our Leaders and the top management have handled the COVID pandemic very nicely. They planned everything and made sure we had the best resources for working from home. I enjoy listening to Gwil’s stories and experiences in the UK and I look forward to our in person meeting next year. Both the Diwali 2020 and 2021 packages were very wholesome and very thoughtfully put together.
Shruthi is a core member of the fun committee at Appsecco. Its because of her planning that we got to spend the best virtual lunch calls and fun Friday events. Shruthi is the most energetic and talkative person in the entire team. She makes the team hangouts more lively and engaging.
Active events such as Zumba, Yoga and Secret Santa were organised for all of us during Fun Fridays. These activities have been highly impactful on our emotional and physical well being.
Thank you Shruthi for every bit of extra effort you put in that brought out the best in every one of us.
I have a long journey ahead of me at Appsecco. I have just begun adventuring into the world of Cloud, Cloud-native and Container security. I also have my first conference talk lined up soon and I am excited about my journey ahead.