AMA with DC


Director at @secdataco 🔥 | Co-Founder at @airdeskr ✨ | Owner at @CSG_Online 🔥


  • Do you think age is a factor in getting into a junior pentest job? Whom do you think an employer would choose: a person with around a decade of experience in development, or someone fresh from college, provided both have performed the same in the interview and have the same certs and all?

    • Absolutely not. I’ve seen people 40+ get into junior positions (especially veterans) as well as into SOC analyst roles. It largely depends on what type of organisation that person is applying to as to how they are looked at for job suitability.


  • What are the most impactful bugs according to you and can you please give any tips to increase the impact of a bug?

    • I don’t really do too many bug bounties any more. I find it too time consuming, taking away time from other projects.


  • Q1) How do you create your content? It’s cool. (I have the same mic; it would be great if you could tell how you edit.)

  • Q2) OBS plugins that you use, if you use OBS.

  • Q3) Any advice for me, like I know very little about content creation. (Example https://youtu.be/kdREVYBq0Mw)

    1. I come up with an idea I think is interesting and talk about it. I use a GoPro for video (usually) and the Blue Yeti Blackout mic for audio in OBS, tied together with my screen recording. I do it this way to get as good a video and audio as possible. I don’t use any plugins.

    2. I then edit the videos in Adobe Premiere Pro, add a +3 bass and, depending on how noisy it is around me, the denoise effect. Sometimes I add colour correction but I’m not really good at this so I try to keep it simple.

    3. Focus on talking about things you are passionate about. Once you begin, the words will just come out. Be as authentic as possible and try to enjoy yourself.


  • Q1) Craziest vulnerability found in pentest?

  • Q2) What vulnerability took you time to execute/escalate?

  • Q3) Favourite tools?

  • Q4) Views on certificates and a college degree: does it act as a gatekeeper?

  • Q5) What will be your message for your younger self starting his journey?

  • Q6) What are your expectations from a pentest fresher?

    1. Craziest? Probably admin@domainname.com with Password123 as the password on an on-prem exchange account. No MFA enabled - just straight in. I didn’t even mean to find this tbh it was just a pot shot. Crazy…

    2. SQLi is always the 1 thing that takes me forever, but when it pops… ohhhh boy does it pop!

    3. Nmap for actual work, wifite for giggles.

    4. These days I feel like a college degree is absolutely necessary. Certifications are great to have, but I personally don’t think they are as important as a degree.

    5. Don’t give up. Seek help if you need it. Pace yourself. Enjoy the journey.

    6. Passion. I love to see passion for learning, passion for breaking things and passion for doing things better or differently that other people might not have tried yet.


  • What’s your advice to build a career in cyber security (web)?

    • Focus on firstly skilling yourself up and then secondly getting hands on experience. Bug bounties are a great way to learn about web app pentesting. One thing that I see getting missed often is how important a report is. Writing a great report is extremely important!


  • What is the best way to strengthen the skills required for an overall pentesting career, like what things to keep in mind as a beginner to get going?

    • First thing to keep in mind is to not overwhelm yourself with information. Take it slow - it’s a process. Focus on one type of pentest first and work your way across to other types of pentest. For example, focus first on web app pentests, then transition across to AD or DB tests.


  • Q1) Why do you hack?

  • Q2) How do you keep consistency?

    1. Because I find it to be a fulfilling job.

    2. I set myself goals and schedule as much of my day towards what I want to get done as possible.


  • What do companies check in a candidate which creates a great impact, other than a certificate?

    • Companies LOVE to hear about your personal projects that relate to cyber security. They also look for a good personality fit in the company you’re applying for. Terms like “Team Player” really resonate loudly.



  • What cybersecurity jobs are available in online marketplaces like @fiverr, @Upwork, @freelancer, @Microworkers?

    • Most of the jobs on these platforms are for once off services, like a pentest against a particular service at a heavily reduced price or teaching someone how to conduct a pentest. I wouldn’t really recommend these platforms as a route for earning a decent wage though.


  • What are the average requirements a junior cybersecurity consultant should have?

    • The average requirements in AU are 2-3 years experience in IT (usually as a network engineer or a sysadmin) and a degree in IT. There are positions available here for people fresh out of college but they get taken by people with experience in most cases.