My Strange InfoSec Journey
Updated: Oct 2, 2020
Hello Readers! Today I am going to share my InfoSecJourney.
Firstly, I would like to thank and give all credit to my parents and my wife who are always supportive no matter if I failed again and again. They are always there to encourage me in all the good and bad times.
Journey - The word itself defines that it never ends.
How I came across the IT Firm...!
I am from a very small-town, where technology was not there before. I enrolled my self in IT field around 2005-2006.
In 1998, it was the first time I saw the Computer at my friend’s (Tejas Patel, Kishan Panchal, Chirag Panchal – Best Friends) home where I used to go there and play games on it. I remembered that I played lots of games in Computer. I spent lot of time to play Games on Computer during my school time. When I was in school there were very less schools in my town who provide computer education.
So, I decided to take admission in school which provides computer classes I remember that I joined School Navsari High School Navsari, Gujarat India. where they actually don’t have Computer Labs in School but they wanted every student to learn computer basics. so at that time they had to tie up with a small game zone center where kids used to pay and play games, WOW..!
All computer classes were arranged by weekend only. I used to spend 2-3 hours to learn computer basics. I remembered my 1st hands-on operating system was Windows 95 and during learning in school time, later it was updated to Windows 98. I was so amazed that my first command I typed was “dir” DAMN GOOD..! That was the feeling I can not forget.
That day I was so much curious about the Operating System and Computer. So much Curious that I want to know more about these things. Later I joined Computer private classes where I came to know they are the future. I was and am so much passionate about it, so when the time comes after schooling, I decided to make my career in Computer World.
I joined Private organizations who provide Computer Graduation certification as well as Master Certification in Computer Applications at vacation time after passing 12th Exams.
I further continued my study regarding Computer and Applications and I got in touch with more people and while studying in groups I came to know that there is an international certification provider available for student who want to make careers in fields like Developing Web, Application, Computer Networks, Servers, Hardware components.
I was not always fond of computer coding but would wonder apart from coding is there any computer related stuff from which I could get the knowledge and choose as career.
During 2009-10-11 I joined some private organizations like JETKING, IIHT, Sun Infosystem where I studied about Hardware, Networks, Servers, Operating Systems.
I was so confused at that time as what are the exact requirements or demand of IT companies after studying so much in Network, Server Fields. One of my instructors suggested me to explore the IT securities. I didn’t have much idea about this so he suggested me to explore Network Security Field as I already cleared CISCO Associated Level exams.
The time comes where I have to get a job in IT industry or find a job where I utilized my knowledge. My career journey started with M/S. SCI Security Pvt Ltd which is based on Physical security services as well as they provide Electronic Surveillance System (CCTV) to Large Manufacturer companies like Ambuja Cement, Nirma Ltd etc...
I would like to thanks to Mr. Sarvesh Dubey , the owner of this company. He gave me 1st opportunity where I started my career on how to manage and implement small networks, computer hardware and software of the company.
After that I joined company Cogent-E-Services Pvt Ltd which is a call center where around 1000 employees work together as one shift where I learnt more about IT infrastructure like how servers and network established in a good manner. I learnt so many things here related to Microsoft Server, Cisco Networks, how to install servers and networks equipment in rack. How to organize IT infrastructure etc... Continuing this job, I felt that still I was lacking something, something like giving boost while doing work. So much I learned from my jobs but I always would wonder to find something that will encourage and inspire me to learn more and more.
I resigned my job and enrolled for CCNP Security course provided by private institute in Surat. I did freelance with study. Here, I came to know much security contents and work with it like Firewall and IPS/IDS, network monitoring tools.
After completing this course, I got call from Reliance Industries Silvassa.
Mr. Kalpesh Parmar – Network Manager. I cleared the interview and I came to know that working place was Reliance Industries Silvassa and Payroll is Microlink Solution Pvt Ltd. I agreed to join and cleared one more interview with Microlink Solutions Pvt Ltd.
IT infrastructure is huge at Reliance Industries where I handled around 3000-3500 node with around 500 Network devices including Switches, Routers, Firewall. Lot of things to learn here as my Manager was much supportive, he gave some critical tasks to me and always plan some critical activity on my presence so that I am aware of and could handle the situation if things go wrong in his absence. He always encouraged to learn new technology as IT industries is growing so fast on daily basis. I have spent around 2 years to manage and monitoring network equipment.
In 2018, Reliance Introduced IRM (Information Risk Management) Team to Silvassa Unit. This team always work remotely from Headquarters of Reliance Industries. First, I thought maybe it is belonging to management team only but after meeting of Local IT management staff my manager introduced new rules to our network team that we have a lot of task to complete. I am always curious about learning new things. We had a technical meeting that we must implement basic security to all network equipment.
Here, times comes where I utilized my knowledge, at that time I also studied CCNP (Cisco Certified Network Professional) Security and prepared for international certification. There was a standard document designed by IRM team to secure networks and here I suggested what commands (Switches (L2, L3), Routers, Firewalls) need to be implemented according network infrastructure of Reliance Silvassa Unit.
End of March 2019 I received an award as major role in VAPT (Vulnerabilities Assessment and Penetration Testing). At 1st I did not actually realized that what is VAPT… WOW…! I was quite surprised…! I did work related to implementing and checking security to all devices. I did manual test to check critical nodes day by day, generate a report and send it to IRM (Information Risk Management) Team.
I am thankful to Mr. Kalpesh Parmar and IT Team of Reliance Industries Silvassa as well as Team of Microlink Solution Pvt Ltd at Silvassa and Ahmedabad. I have spent more than 4.5 years with both company and learnt a lot of new things.
In November 2019 I resigned from Microlink Solutions Pvt Ltd because I decided to move to Bangalore to get better opportunities in Network Security firm. I started searching Job related IT Network Security firm on different job portal and I realize that there is firm called SOC (Security Operation Center), I started to search about it and I found that this is only startup platform that give me career boost in IT Security firm…!
HackerU (Jigsaw Academy, Bangalore) towards Master Certificate In Cyber Security (Red Team)
Firstly, I would like to thanks my Wife and say HackerU journey is not possible without support of my Wife.
I remembered that, I stared my job in February 2011 it's been past 8+ years that I was doing job in different role like IT assistant, IT Administrator, Network Security Engineer, Sr. Network and Server Engineer.
During these years I have also done projects related to developing small applications and setting up wired and wireless Networks, Configured Network-Servers-Virtualization-CCTV-Bio-metric also mounted Network Servers to racks with proper cable dressings in rack.
Everyone suggested me that you have to be expert in only one firm but I love the IT firm and I love to work with each technology if in future I might get an opportunity.
But I always wonder and explore for the position where I look after all the things together. I am from small town and I don't have proper guidelines I came across lots of people who are doing jobs in IT firm and mostly they look for specialists in Servers, Networks, Virtualization and so on..
I was so nervous and frustrated I didn't understand after doing lot of things in IT what career should I choose that will give me everything I want.
I follow this quote,
"FIND A JOB YOU LOVE, AND YOU WILL NEVER HAVE TO WORK A DAY IN YOUR LIFE"
End of December 2019 I came across the profile of my friend and classmate, in LinkedIn Azaz Dobiwala. He mentioned working organization HackerU in job profile. I was quite curious about the word HACKER. So I stared my search about this organization on internet.
WOW....! I was so amazed that the company is basically from Israel so I explored more about it and finally came across JIgsaw Academy Bangalore.
while surfing Jigsaw academy portal I found the contents of course (Master Certificate In Cybersecurity - Red Team)... Sounds interesting and I forwarded my details in portal for further queries.
In January 2020 I came across the various institutions which provide courses in Cyber security but I found contents provided by HackerU is very well organized.
As before I also had a plan to shift to Bangalore for Job purpose but this Red Team contents actually changed my mind, finally I found my answer that If you want to look after most of the things in IT Infrastructure then you have to be part of Red Team Member.
Finally I joined... !
Before i get started..! I would like to thank all my mentors
Swaroop Yermalkar (Head of Cyber Security - Red Team at HackerU (India)),
Azaz Ahmed (M) Dobiwala (Senior Cyber Security Instructor - Red Team) and Yogendra Swaroop Srivastava(Cyber Security Intern - Red Team) at HackerU India. Thank you for an amazing roller-coaster journey.... in Cyber-security world.
I Specially thanks to Azaz as he is the one who guided me to do this and enroll as soon as possible. As I already left my job and planned to visit Bangalore to find job.
Azaz is the one who encouraged me to do this course. Thank You so much Azaz.
I joined Red team because of course contents and mainly it is offline. I compare all contents with others institutions and found it was not done in 3-4 months. It will take almost 1 or 2 years to complete all but you mentors did it in a very organized way with lot of efforts and very interactive with all students.
The course is structured with three phases,
1st Phase - Online Training
2nd Phase - 1 Week Offline Training
3rd Phase - You have to clear the exam what you learned in Phase 1 and 2 with 70% Marks to enter this phase
I am all set here ! It's Hackampus ! Sounds interesting !
I Logged in to the portal and there I found very well organized and structured syllabus.
Portal has everything what you learn and what will be your next topic. They released the books one by one according to course content.
All books are written by Idan Stambulchik. (Head of Red Team International Training & Penetration Tester at Hackeru Solutions)
Phase 1: Fundamentals
This phase of course started from 4th March, 2020 for a duration of 20 hours.
I had Azaz Dobiwala and Lion Kontorer as instructor. In this phase I was comfortable with all the concepts because I had already gone through some required basics of IT Infrastructure. After completion of 1 Week online training of phase 1.
I was waiting to meet our amazing instructors in Live in-person training of phase 2.
All set here, I booked my flight ticket to go Bangalore and meet our mentors and other awesome students whom I met online in 1st Phase training.
Following all the instructions and everything was ready from my side....
I canceled all my bookings...!
Phase 2: Sorting Stage
The 40-hour Sorting Stage provides the fundamental skill set of Cyber Security
This phase started from 16th March, 2020. We actually must have a live in-person training but due to the pandemic (COVID-19), we were informed that we will have only phase 3 as in-person training for safety of everyone.
We again had Azaz Dobiwala as instructor. During the time of this course, we learnt a lot of interesting basics of Cyber-security concepts like Bash scripting, Linux services, Cyber attack kill chain, packet capture technology, cryptography, anonymity on the web, Attack vectors on web and network etc.... Sounds interesting......!
After the completion of 1st and 2nd phase training I had final assessment test for Phase 1, 2. Here we require a passing percentage of 70%. One who fails to secure >=70% will be not eligible for phase 3. I gave test and secured >80%.
I received a mail that I passed 2nd phase and am eligible for Phase 3.
After brainstorming for few days, I finally decided to go ahead with Master Certificate in Cyber Security (Red Team) by HackerU, India.
I want to meet all the amazing batch mates directly instead of virtual meeting. But due to COVID-19, we had to go with online course with no option left to keep up with learning and let the times to be productive.
Phase 3: The Main Program: 540 Hours of Lectures and Labs.
Phase 3 started from 6th April, 2020.
The remaining extended phase 3 course which is very well structured and organized.
I Specially thank to Swaroop Yermalkar that he had to manage the guest lectures, and all lectures were very informative in terms of knowledge and the real-world cyber-security scenarios. Before Joining this course, I had gone through instructors profile and found all instructors have excellent knowledge and industrial Cyber-security experience.
Swaroop Yermalkar's teaching method is very impressive and he explained all topics in very easy way. Especially the Buffer overflow methodology explained by Mr. Swaroop is just awesome I never expected that i would solve Buffer-overflow in very easy way.
Then, we had Azaz Ahmed Dobiwala, who has 10+ years experience in networking, penetration testing with number of certifications which includes OSCP, and number of Cisco certifications which shows his hard way of learning.
I personally know Azaz ,we were class mates where we studied CCNP Security together and had a lots of fun during classes. We learn so many things together.
He has successfully done 20+ IT certification. His teaching skills are very different and shared a lots of resources which are hardly found if you try to find by yourself.
He is amazing in providing contents.
I Introduce here Yogendra Swaroop Srivastava. He is just an amazing person with qualitative mentoring.His teaching was quite simple and would reach many in a short while. I actually don't like the coding part but the way he introduced python was amazing. The way he taught python, never got bored and i have put my efforts to create a new program in python and he is the one who inspired me to do programming in Python. Now I love to do basic coding in python.
For me, The most exciting part of phase 3 is Cyber Challenges provided by HackerU where you have a permission to hack the things...! That's Sounds very amazing for me.!!!
Portal Looks so attractive !
HACK YOUR WAY INSIDE
I was so much excited about this but before u get access of this , you have to learn basic methodology of HACKING.!!!
I had access of it after i learnt few basics of Security and Hacking. I was so curious about this portal which gives you a real time hacking as well scenario.
The labs are designed by security researchers and professionals that give you a goose bumps. Why because here you are free to hack as we know that hacking is illegal but here you have full permission to implement your techniques.
If you feel bored after lots of theory and lecturers ! Here is the place where you will get fun ! Yes I used to do the same if I got bored after reading lots of theory and lectures ! Yes these things helps you to think out of the box !
This portal changed my thought towards hacking skills and techniques completely, I solved as many tasks here and each time it gives a lesson to me about hacking skills and techniques.
Guest Lectures And Workshops
We had guest lectures on advanced concepts including SSRF attacks, Cross site scripting, application vulnerability management, GraphQL Penetration Testing, Cloud Security, Bug bounty approaches, Secure Code review by industry experts from reputed industries like IBM, Paytm payments bank, InMobi, Creston, Cannon N.V., Condeco, Appsecco, etc.
As course provided the OSCP preparation after we are done with all theory and lectures.
We had real time 48 Hours of mock OSCP exam. It was very well organized by team of HackerU India.
For this they 1st trained us to face the exam of 6 Hrs, 10 Hrs, 12Hrs and 24 Hrs of exams conducted by HackerU India. So you will not face any problem in time management while giving 48 Hrs Mock OSCP exam.
Here, I learnt the most important part which is report writing. 1st it looks so boring but when I studied some live cases of hacking and checking the write-ups, I realized that it is very important to learn how to write after you find bug and any vulnerabilities. Yes It is quiet hectic but you should know the writing method also.
We also had question answer session with Rana Khalil who is a Security analyst, OSCP, speaker at BSides, ISSA, OWASP Ottawa & HackFest to clear our doubts regarding OSCP preparation.
During this course I was able to successfully crack around 30+ Boxes on TryHackMe and HackTheBox. Cracking boxes is not the end here, mentors encouraged here to create our own vulnerable box and upload it on TryHackMe or Vulnhub.
I had successfully created one box named brainpain (Windows Based) and uploaded it on TryHackMe it is not just to create and upload, but creating vulnerable box is an art. You can learn lots of things because cracking the box is just you implement methodology but creating a vulnerable box is preventing the methodology of cyber kill chain.
The question ? During this course what I learned ? I can't explain but I can show you that, I have created this web blog (It is also a part of this course) and upload my tasks here which you can surf by yourself and future post will come soon...!
At the end of the course, Jigsaw Academy conducted mock aptitude test and collected our resume and forwarded to companies' HR according to suitable profiles.
I have never expected that this journey ended online I really wanted to meet all mentors personally but due to COVID-19 pandemic, it is not possible at this time but I look forward to meet all mentors as well as my wonderful batch mates.