Chemical Engineer to Cybersecurity
My first practical experience with programming was in senior year of high school when I created a set of games using NetBeans JAVA Spring framework. I cleared the Joint Entrance Examination with merit which allowed me to enroll in the Indian Institute of Technology shortlisting process. IIT Bombay being the cream on top of IITs and it being a three-hour drive from my home was one of the best options staring back at me. The only catch... due to my ranking (2124) I would not be able to get a direct entry into Computer Science. I decided to go ahead with IIT Bombay, thinking that I could switch to CS. I got Civil Engineering as per my merit and worked hard to get a CGPA of 8.77/10 at the end of my first year. This allowed me to get a merit-based department change but alas, I was only able to switch up to Chemical Engineering due to the hierarchy of streams with CS on top.
To gain some experience in programming, I ventured into data analytics. I completed a few MOOCs and two internships. One internship was on Microarray and Mass Spectrometer data analysis and the other was on creating a fairer system of ranking for Triathletes by modelling the difficulty of triathlon races quantitatively. The latter project was a unique experience as I worked in the Faculty of Kinesiology and Physical Education at University of Toronto. After my Bachelor’s I got a job at ICICI Bank as a Technology Manager. I dealt with cloud architecture, DevOps, project management and worked as a Kubernetes cluster administrator, setting up RBAC permissions, resource limits, monitoring and logging solutions for audit purposes. It fascinated me that the security team always has the final say in decisions regarding the architecture and the application. I realised that I wanted to understand more on the security aspects and do what it takes to earn that responsibility.
To start my venture into Cybersecurity, I believe that having a strong technical background in Computer Science is essential. During the first year of my job at ICICI Bank, I read the complete text on Computer Networks (Tanenbaum) and Operating Systems (Silberschatz). I practiced coding and Data Structures and Algorithms problems, having solved 200+ problems on LeetCode. To get hands on experience, I decided to work on research projects. Under the guidance of Prof. Stjepan Picek of Delft University of Technology, I worked on investigating the effectiveness of neuron coverage fuzzing against backdoored CNN models and also applied critical neuron differential fuzzing to identify backdoored inputs. Another research project was under the guidance of Prof. Apostolis Zarras of Delft University of Technology. It involved building an automated tool that used fuzzing to detect vulnerable smart contracts on the Ethereum blockchain.
As a next step I have decided to go for a Master’s degree in Cybersecurity. I started by MS in Cybersecurity at NYU. Although I am doing my Master's degree which is providing me a thorough understanding of the basics, I believe that delving into CTFs and trying to earn a bug bounty will teach me a lot about security at deeper levels. So I have actively started participating in CTFs. Surprisingly, I have already earned two achievements. I qualified for the next (in-person) round for VIVID CTF and my team also earned the first spot among the in-person teams who had participated in Jersey CTF.