

AMA with Rohit @ VULNCON

  • I am a 2nd-year comp science student from India. Is there a chance for me in the infosec field? How do you suggest I start out? Are certifications needed?

    • Certifications are not needed in the beginning. There are a lot of freely available resources on the internet.

    • Start practicing and earn Hall of Fame and Recommendation Letters which will be valuable in the long run.

    • Do an internship and get a job; let your company pay for your cert.

  • What does “Hall of Fame” refer to? Secondly, I have started learning seriously from Hack The Box.

    • Hall of Fame means that when you report a valid bug to an organisation, they acknowledge you with either a certificate or an honourable mention on their website. HTB is a good resource as well.

  • Can you please tell in short about starting a cybersecurity start-up? What do you advise if someone is willing to start?

    • It’s not difficult to start a cyber security startup. All it needs is 90% of great vision and 10% of govt work. I started @HacktifyS 3 years ago and I would honestly say you have to give 1000% in the beginning and take care of it like your new baby.

  • What is the salary growth of a junior penetration tester in India?

    • Salary growth is good and increasing continuously and will do more in the future. Example: You can expect 4-6 LPA as a fresher in India currently, as all of my students have got.

  • What are the skill requirements to get a job in India in the infosec field, as currently I’m pursuing my engineering and looking for jobs/internships in this field?

    • Skills Required for an Internship/Entry Level Job:

      1. You should have the basics clear.

      2. You must know - Linux, Networking, OWASP, SANS.

      3. Understanding of Code (What’s written by others).

      4. Any 1 programming language is an advantage.

      5. Creative Thinking.

  • Like we have developer internships in college, how do we find a penetration tester internship?

    • There are plenty of opportunities to find a pentest internship; just check LinkedIn, Internshala and intern Facebook groups for more opportunities.

    • You can also apply at http://internship.hacktify.in; we are currently running a cyber security internship.

  • What to do to sharpen my skills before getting into bug bounty?

    • A few points to sharpen your skills:

      1. Learn the hardcore basics of everything.

      2. Read HackerOne Hacktivity and learn from others' reports.

      3. Read Infosec Writeups on Medium.

      4. Replicate each bug you read about on at least 1 program.

  • As a beginner, which programs and platforms should we start hunting on? How would I understand which resources I should follow? Is 2021 worthy for bug bounty?

  • What’s your advice: Hack for money or Hack like you are an artist?

    • Hack for making internet safe and making a better place for everyone. Money will automatically flow.

  • How to create content on something?

    • Tips to create content:

      1. Research is very important.

      2. Learn and understand the concept and explain it as to a 5-year-old kid, with as much simplicity as you can.

      3. Once they know what you want to say, then throw in the technical jargon and definitions at the end.

  • How to find bugs via regex? Any tips to learn about regex? Can you share some resources?

  • What are the tools that you mostly use?

    • A lot of open source tools and a few paid ones if they serve my purpose. Also, I modify the tools to suit my needs accordingly.

    • A few paid tools, namely:

      1. Burp Suite

      2. KNOXSS

      3. Burp Bounty

  • Is a degree important in cybersecurity?

    • A special Cyber Security degree is not mandatory to get into Cyber Security. If you have one, it's an added advantage.

    • Tip: Ask your company to pay for your degree once you get the job.

  • What advice would you give to a 6+ experienced software developer who wants to shift to infosec? Primarily get a job in this domain? Any certification? Courses?

    • You are a gem yourself. With that much experience, you have a strong understanding of code and know how things work. You already have an added advantage in this. Most of the people in infosec will give you the advice to learn code, which you already know.