At TryHackMe, we love hearing stories about how our users have used the platform to change career paths and excel in their roles.
This time, we interviewed Suman Roy, a dedicated TryHackMe user who very recently landed a new role as a Software Engineer - Security Research.
In a recent post shared to TryHackMe’s Discord, Suman said “I wanted to express my deep gratitude to TryHackMe. Your platform has been instrumental in expanding my skills, and it's a major reason why I landed this fantastic job. To the entire TryHackMe community and the awesome content creators, thank you for making cyber security education not only effective but enjoyable.”
We wanted to learn more about Suman and his journey, so we invited him to participate in an interview, which we are now delighted to share with you! Continue reading to find out what Suman says.
Suman, can you tell us about your background?
As a Senior Associate at Wipro (2019-2021), I specialised in troubleshooting computer issues, boasting two years of experience. Within this role, I not only developed critical thinking skills but also nurtured a mindset adaptable to diverse scenarios. My proficiency extends to troubleshooting, hacking, and coding, allowing me to identify and address flaws effectively. Serving clients in the United States further refined my communication skills.
I took pride in being recognised as a top performer, consistently ranking within the top 3 in my process. In my day-to-day responsibilities at Wipro, I excelled in remote troubleshooting for various devices, encompassing computers, printers, network devices, and smart appliances.
What made you want to embark on a career in cyber security?
My journey into cyber security began in 2012 with a significant breakthrough. I successfully hacked FolderLock 7, skillfully bypassing the master password through a simple registry hack. The following year, while still in 12th Grade and studying as an Arts student for Higher Secondary Education, I uncovered a deceptive scheme on a website promising MacBook Air giveaways.
Adding a unique twist to my story, during my 9th-grade days, I didn't even have a personal computer. To fuel my curiosity and passion, I had to save my lunch money, so I regularly visited a cyber cafe to explore and learn new things. This early dedication laid the foundation for my unwavering commitment to the dynamic world of cyber security!
Throughout my professional journey, the gratification of assisting clients in troubleshooting deepened my dedication to the field. This experience inspired me to contribute significantly to my nation's digital defence. Despite facing challenges, such as pursuing Arts with Computer Science in high school and leaving university in 2017 for personal reasons without completing a degree, I actively pursued skill development independently.
In 2023, I proactively embraced the challenge of hacking scammers and actively participated in Vulnerability Disclosure programs. This not only served to further refine my skills but also acted as a personal validation of my capabilities in the dynamic realm of cyber security. My journey is a testament to the belief that continuous learning from TryHackMe and hands-on experience is crucial in staying ahead in this ever-evolving field.
What inspired you to become a Software Engineer - Security Research?
In January 2024, a remarkable opportunity presented itself, opening the door for me to delve into vulnerability research on source code—a pivotal moment marking my initiation into the realm of cyber security. The prospect was not only exciting but also immensely appealing, considering it was my first job in the cyber security domain.
Recognising the significance of this breakthrough, I eagerly seized the chance, understanding that this experience would be instrumental in shaping my trajectory within the cyber security field. Engaging in active research on new vulnerabilities and developing Proof of Concepts (PoCs) has become a cornerstone of my professional journey, providing me with a robust foundation and fostering a continuous learning mindset.
This role not only aligns with my passion for cyber security but also propels me to stay at the forefront of emerging threats and innovative security solutions, contributing to my growth in this dynamic field.
How was the job application experience for you? We would love to hear more about your challenges and lessons learned!
The journey through the cyber security job application landscape has been both challenging and enlightening. Most roles demand a strong foundation in software development or security engineering, making it daunting for those without extensive experience or degrees. Internship opportunities often come with little to no pay, adding another layer of difficulty in establishing a foothold.
Despite the prevailing notion that a degree is not mandatory, relying solely on online certifications or badges doesn't always resonate with recruiters. In my case, I lack the allure of fancy certifications but have acquired valuable ones from reputable sources like Oracle, Cisco, and TryHackMe.
Navigating the job market for a while, I faced numerous rejections until LoginSoft recognised my talent. The key lesson learned is that real-world experiences, such as engaging in penetration testing, bug bounties and vulnerability disclosure programs, play a pivotal role. My advice to fellow enthusiasts without extensive certifications or experience is to actively participate in real-world projects and hackathons, and to document their experiences in blogs and on social media.
While the traditional approach of obtaining a degree may be advisable if feasible, it's not a guarantee of success, as I've witnessed individuals with degrees facing rejection. The true takeaway is to immerse oneself in real-world projects, participate in hackathons, and become an active part of a community of like-minded individuals. Personally, I found a supportive community in TryHackMe's Discord channel, where I not only gained valuable insights but also formed a team that shares common values—a testament to the power of building connections within the cyber security community.
What advice would you give someone just starting in cyber security and/or security research?
My foremost advice to those venturing into cyber security or security research is to embrace the learning process fearlessly. Don't shy away from making mistakes or diving into unfamiliar territories.
Reflecting on my own journey, when I started exploring platforms like TryHackMe and engaging in Capture The Flag (CTF) challenges, I often found myself delving into new topics triggered by my quest for solutions. It was a challenging yet rewarding experience.
Persistence is key—don't give up, especially when the path seems daunting. Understand that those making a living from bug bounties have honed their skills through a deep understanding of how to investigate targets before launching an attack. This specialisation comes with time, patience, and a genuine passion for the work.
The journey toward proficiency is not an overnight feat. Personally, it took me a consistent six months of dedicated efforts on TryHackMe to successfully crack a scammer's site and delve into Vulnerability Disclosure Programs (VDPs). Contrary to popular belief, success in cyber security is not solely about mastering programming languages or technical details; it's about cultivating a mindset that can discern patterns and identify vulnerabilities uniquely.
Do you have any tips/advice for achieving this role?
For aspiring individuals eyeing this role, I cannot stress enough the importance of consistency in your learning journey. A glimpse at my TryHackMe profile showcases the level of dedication I've maintained—regularly tackling hacking rooms, with occasional breaks dedicated to hacking scammers and participating in Vulnerability Disclosure Programs (VDPs) to continually test my skills.
Embrace adaptability, akin to water flowing seamlessly based on the scenario. Mistakes and challenges are inevitable; don't be deterred by them. In the world of Capture The Flags (CTFs), while they serve as valuable training grounds, it's essential to recognise that not all scenarios mirror real-life situations. They are primarily designed to enhance your skills, providing a structured environment for learning.
Take a proactive approach to elevate your understanding by delving into other people's code. This not only broadens your perspective but also propels you to a different level of comprehension. Remember, consistency, adaptability, resilience in the face of challenges, and a willingness to learn from diverse sources will undoubtedly pave the way to success in this dynamic and evolving field.
How did TryHackMe help you through this journey?
While I didn't strictly adhere to a specific learning path on TryHackMe, I do recommend starting with the 'Info' rooms to gain a foundational understanding if you're new to the field. Proceed to tackle easy rooms to build your confidence, and once you find yourself navigating through them without relying on write-ups, venture into the medium difficulty level. This progression allows for a gradual and effective learning curve.
Despite not being a paid user initially, I spent a solid year exploring free rooms on TryHackMe, ranging from easy to hard. The absence of a paid subscription did not hinder my progress, emphasising the wealth of resources available to free users.
I strongly advocate for the habit of making notes while hacking. This practice provides a valuable reference point, revealing patterns in the tools, techniques, and tactics employed in different scenarios. The goal is not memorisation but developing the ability to analyse and apply solutions across diverse situations.
When faced with challenges, don't hesitate to leverage the power of Google and, of course, seek assistance from resources like ChatGPT. Remember, it's not just about memorising information; it's about cultivating a problem-solving mindset and adapting your approach to unique scenarios. Enjoy the learning process, stay curious, and embrace the support available in the cyber security community.
Thank you so much, Suman! We loved taking the time to understand your journey and the challenges you have endured, and couldn’t be more excited to see how you progress in your career. You can follow Suman’s journey on LinkedIn.