We love shining a spotlight on the remarkable journeys of individuals who've turned their passion for cyber security into successful careers. Today, we are thrilled to introduce you to Richárd – a TryHackMe user who has recently soared to new heights after securing a role as a Security Engineer for a major cloud-based presentation software company.
We spoke with Richárd about his journey - the successes, challenges, advice for aspiring Security Engineers, and his recent experience securing a promotion as the Tech Lead of Security Engineering at Prezi!
Richárd, please tell us a little bit about your background:
Ever since I started programming, I’ve always been interested in the security aspect of digital tools. I remember hacking into some high school servers, resulting in awkward meetings with the IT department afterwards!
During my bachelor’s degree, I also participated in science laboratories with the topic of network communications, microservices, and security. I’ve worked on smaller web projects with a couple of friends and won a few funding rounds for my projects. I’ve also just completed my Master’s in Computer Science.
Why did you start learning cyber security?
When I was in elementary school, the best thing you could have (in terms of technology) was a USB flash drive with a not-so enormous capacity of about 4 gigabytes! I loved trying out all the services that came out then, so I began accumulating more and more username/password combinations. It became unwieldy fast.
As my first more significant project, I made a Windows Form application that stored passwords in a file encrypted with a master password. I could safely take the file with me anywhere on that USB flash drive alongside the app. Of course, to accomplish this, I had to consider the security aspect of reusing passwords, how to make a security tool easy to use, and what encryption to use and how. I enjoyed the process, so I kept on going.
(Unfortunately, I’ve lost the source code, but the app itself is still available on my GitLab!)
What inspired you to become a Security Engineer?
When I neared the end of Batchelor’s degree, I knew I wanted to continue to a Master’s degree. This decision also gave me some time to think about the path I want to take professionally.
In cyber security, two prominent roles were marketable: an analyst and an engineer. An engineer’s job is to create and manage the tools that the analysts will operate. As a primarily programming-oriented person, I thought the engineering direction made the most sense. So at this point, I had offensive security experience and programming experience. However, to become an engineer, I had to tie these together!
What have been the biggest hurdles you've leapt over in your professional journey?
When hearing about cyber security, it’s easy to think that it’s just a subset of engineering and that you must understand a specific set of tools to succeed. In my experience, this is the exact opposite.
As someone working on microservices in the cloud, I have to be adept in countless fields, such as software engineering, microservices, cloud providers and infrastructure, computer networking, continuous integration and deployment systems, logging and aggregation of big data, security risks, attacks, and the current threat landscape. Gathering all of this knowledge is complicated, and I’ve often run into a topic and branched off to countless others when trying to navigate it.
The way I overcame these is curiosity, consistency, and structure. I was curious to learn new things, so it felt more like an opportunity than a task. I tried to be consistent and learn even on days when I did not want to do anything. The structure is the part where TryHackMe helped a lot!
What advice would you give aspiring Security Engineers?
Don’t just learn; experiment! When you learn a new way to simplify proxies, a new type of ransomware, or you have an idea for a set of URL filters that might catch many attacks, write down all these and start working on them. Bringing your theoretical knowledge into reality has countless advantages. However, sometimes you will find that you have a new idea that you can add to the solutions proposed by others. Having unique and original solutions is where you start to feel like you know a lot! Impostor syndrome is widespread in the security community.
I’ve accumulated almost 100 such projects on my GitHub, and sometimes I write articles when I find something interesting. If you are interviewing at a good company with a great manager, they will consider this and even ask about some of them! If they don’t care, well, do you want to join them after all?
You might get refused a lot initially. Hiring someone to do security with next to no experience is risky, especially for smaller companies where you might be the only one specialised in security. If you overcome this, I promise it will be a cakewalk afterwards! I get about 5-10 job offers on LinkedIn every week.
Finally, do you have any other advice for TryHackMe users?
If you are seriously thinking about a career in cybersecurity, I encourage you! It will be fascinating and rewarding! You are at a great place if you start learning with TryHackMe courses and work on your projects.
TryHackMe is a fantastic resource to bring structure into your learning journey. The great learning paths really jumpstarted my interest in ethical hacking and gave a deeper understanding on various security-related concepts. Some of which I used when applying for my current job as a Security Engineer at Prezi today and have helped in my journey to recently becoming Tech Lead of Security Engineering!
I started by polishing up my offensive security skills for the interviews with the Penetration Tester-themed courses, then moved on to pick up knowledge on blue teaming with Cyber Defense.
I loved these courses because they gave me surface-level knowledge on a wide variety of topics. I use the term “surface level” as an advantage. Of course, you cannot master 30 distinct areas in a 40-hour-long course, but you have a starting point, a goal, and an introduction to several tools you did not ever use or even hear about. I believe this is one of the main advantages of the university; this one is cheaper and better put together.
And finally, I recommend a book highlighting essential aspects of learning and working in such a fast-paced environment: ‘Deep Work’ by Cal Newport. It will flip your view on how you should approach learning and getting the most out of your courses.
Thank you so much for your time and advice, Richárd! You can follow Richárds’ journey on LinkedIn.
Inspired by the journey of Richárd? Launch our brand new Security Engineer learning path, enabling you to strengthen your skills in the area of security engineering. You’ll learn about the foundations of building secure systems, networks, and software.
Ben Spring