I vividly remember it was in the second year of the undergraduate program I wanted to understand how hackers compromise the system, gain access, leak data, etc. But, when I tried to learn the same, I could not understand a thing, because to compromise a system you need to understand the very nuances of how it is built and how each and every part works, thus I started learning to build systems; and one road led to another and here I am working full-time as a Backend Engineer for last ~3 years, building and maintaining complex distributed systems, every day. I love my job and thank each event that led me to where I am, but something was missing, the reason why I started building systems was not addressed, yet.
When I saw the advertisement on LinkedIn that C3i centre of IIT Kanpur is going to conduct 6 months of executive program on Cyber Security for 50 executives pan India, I knew what to do, enough though I barely met the criteria and was probably youngest of the batch.
Six months forward, working on weekdays and learning on weekends surely paid off. Definitely 6 months is not enough to cover security, but Professor Sandeep Shukla, Rohit Negi and Anand Handa did an incredible job at what I consider most important, and that is, they are able to implant the seed of interest regarding the subject. It is quite humbling for me to have the chance to learn from such incredible people.
The following are key learning I take home:
1. To be able to exploit a system one needs to know to build the system.
2. Security is a mindset. To hack a system is to get into the mind of the developer of the system.
3. Vulnerabilities introduced by the developer is because of a flaw in thought process, an error in thinking or an inability to think about a boundary condition in which an unexpected event can occur, either intentionally or non-intentionally.
4. Security is not one subject to learn, it is an amalgamation of multiple domains, ranging from computer networking, DBMS, programming to the art of being unaware of every digital activity, being aware of observing events, fallacy, tricks, social engineering and what not!
5. Being a good hacker can help to be a good developer because then you will be aware of not making certain mistakes, not taking care of certain conditions, etc. i.e Secure Programming.
Built a malware for the capstone project- https://souvikhaldar.github.io/huntsman/
At last, this post would be incomplete without quoting one of the best TV series ever, which played an inspiring role in my life as well.
“I’ve never found it hard to hack most people. If you listen to them, watch them, their vulnerabilities are like a neon sign screwed into their heads.” - Mr Robot