
How to Become an AppSec Engineer: Skills, Projects, and Reality (No Fluff)

Prabh Nair

40m 39s · 3,359 words · ~17 min read
Transcript source: YouTube auto captions

This transcript was extracted from YouTube's auto-generated caption track. The transcript below is server-rendered so it can be read, searched, cited, and shared without opening the original YouTube player.


[0:00] If someone wants to become an AppSec engineer, AppSec professional, you said the starting foundation will be networking. So do you have a similar lab module, do you have similar learning modules which they can use to improve their skills? Um, so I have built some courses for absolute beginners. Uh, that's my first course that I built.

[0:20] Hi guys, welcome to the session of Coffee with Prabh. I cannot say Coffee with Prabh because this time, this coffee is an entire platform set up by Ansh. A security engineer, product security professional with uh great years of experience and working with HackerOne. And the best thing about him is he's a passionate content creator in the cyber security community. Uh he built his journey from hands-on ethical hacking, pen testing and now he's into AppSec and doing a lot of videos on red teaming. I'm one of the persons who likes his content, uh and uh I personally follow his content on the OSCP journey. He talks about, when he talks about Hack The Box and you know, recently I'm a fan of one of his pieces of content which he made on quantum security. So along with that he mentors thousands of learners through his platform which is called Bitten Tech. I hope I pronounced it correctly, Bitten Tech, where he shares practical pen testing techniques, vulnerability research insights and real world security lessons. Along with that, Ansh is also grounded in both industry experience and grassroots teaching. He is passionate about teaching, he explains the topic in a manner which even the non-technical understand, and I'm very excited that today we're going to discuss one of the useful journeys, how to make a career in AppSec. And Ansh, welcome to this session, and I will be your first student who is going to write a lot of notes, and uh these questions, whatever I am going to ask, it is on behalf of the students.

Thank you so much, hello everyone. Thank you so much for this introduction. It was uh really descriptive. And it's it's so humble of you to tell me that my content helped you, like you being a more experienced guy than me in this industry, like over I have just been No, no, no, no. I I want to counter this word, no. No, no. The fact is fact, so we cannot be, you know, we are from that. You truly deserve that, to be frank.

I just try to be more guided myself to be able to teach. Like I should know myself first, then teach other people, and I just want to gather all the questions from the audience in my own content; I try to improve every day. So that's just me, and uh the way I work in my industry, in my work, in my professional life, I try to teach everything: what I do, what I experience and what I learn, when I fail. So all of that comes from my day-to-day work only. And uh really excited to be here. I will try my best to give all the answers the students are asking and I am sure we can have a good session.

Thanks Ansh, thank you so much. Ansh, before we start with the actual session on AppSec and all that, what was the journey of Ansh? Because you know, there's a lot of buzzwords, there's a lot of myth about cyber security careers, AppSec, red teaming, pen testing. What is the journey of Ansh? Can you just share your high level overview, because some of the points which you are going to discuss or we are going to share can be very useful for the aspiring freshers.

Sure, um I think when I started, we need to go straight back to my college life. Um even before that, I need to go back to my school life, like I almost started at my high school. So there was a friend of mine who used to hack those things, like it was just childish hacking and fantasized hacking. So I got interested in that and then I started searching all the things, how to hack softwares and games, and it was really fascinating for a child to be able to know, like this is magical, the whole world is magical and you can just hack everything you want. So I went there, I tried to crack some softwares with hex editors and uh you know, phishing kits. So I did get some success, but as I went deep into the field, as I went into the details, I got to know, like this thing will just make me an enthusiast. It will make me someone who can just play around, but it will not give me a career. So I learned it the hard way, uh I spent most of my time in my childhood to do all this stuff and mobile hacking with Metasploit, you know, and just controlling someone's phone.

But in which class were you when you were doing all this? Oh, sorry, I'm interrupting you, but I just want to understand.

Um I was in class 12th. 12th. Okay. And before class 10th, were you aware about cyber, or were you aware about hacking and all that?

I was just aware about the term, I was not sure how it actually turns. It was um like I was in CS, I was taught HTML and CSS in 10th and then I got to learn Python in 11th and 12th. So I knew a bit of coding, but not anything else, like how to use that code to break some softwares, not like that. It was just coding.

So the first myth I want to burst here is, do we really need practical coding to make a career in cyber security?

Um it's a big umbrella, you know, I cannot talk about that, like it's very subjective. If you talk about AppSec, yeah, I can say you need to know how to read code. But for other fields like SOC and all, we don't need that much coding. Like uh on a very high level, uh so it's very subjective, field to field. But yeah, a good knowledge of reading code, like understanding the logic, not the syntax but just the overall view of what the code is doing and how the data is flowing, that's enough. I think we don't need to go much deeper, like if you are going, um like you're experienced and you know that you need it, then you can learn on a requirement basis, project to project. But it's not very difficult.

Okay. So Ansh, you're done with the 12th and you got a little understanding, as you said, you got fascinated about this hacking and all that. What next after 12th, what did you decide?

[7:42] Um so I uh in the pursuit of learning hacking, I used to watch a lot of YouTube videos. At that time, YouTube was very accessible and not many content creators were there, uh there were very few. So I started to watch them and as I kept watching them, I thought why can't I make those videos as well? Like I'm learning, so I can teach people in a better way, like how I want, I can improve it. So I started making content, and in that pursuit, that motivated me to learn more. I create a video and then I learn more and then I create another video. So this cycle just keeps continuing and I keep learning. And when I came to my college life, I chose CS as my subject. I did B.Tech in CS. So I had no doubts in that, I had to do CS only. So I went deep into it and it was funny that the people who were learning with me, I was one step ahead of them. Like whatever the professor is teaching, I'm answering them first. I'm answering before the professors, so it felt really good in front of other people as well, and they used to watch my videos only.

Is it okay to reveal the trade secrets of what was the thing you were doing at that time, that you were, you know, staying ahead compared to your other colleagues and all that? Uh the reason for asking this question, you know, there will be a lot of students watching this video. And I'm sure I'm not the only one, you also receive a lot of DMs, uh hey Ansh, you know, I'm in class 12 or I'm in a school or I'm in a college, you know, I'm confused about cyber security career, AppSec, red teaming, pen testing, bug bounty. Did you have the same questions in your mind, you know, when you were in college, or were you very clear about, okay, I will start with pen testing?

Honestly, I didn't know about these terms, AppSec, bug bounty. In college also? Yeah, not anything like that. I just knew hacking and ethical hacking and cyber security and that's it. Nothing else. I was just exploring. I was trying to learn everything I can. I didn't think that I can go into this and make a professional career. I was just interested. I thought if I learn CS as a whole, I'll be good at hacking, that's what my conception was at that time. So I was ahead because I was really passionate about this field. I started to learn C programming before the professors taught us. C programming, Unix, Bash, networking, before our subjects came, like in every semester we had different subjects, but I learned all of it like in the third and fourth only. So what we were going to learn after that, I already knew that. So that just comes out of my passion and my time that I give to learning. And I always want to.

But did you compromise your personal life during that time? Because when you said about, you know, the lecturer and all that, the topic they're going to cover, you were already done with that. See, normally what happens in college life, you know, I have not attended college life, but people used to say that it is like nine to five or eight to four, whatever. After that, you know, there's no energy left to do the study. We have to go to cricket, play football, whatever. So my question again is, what was your trade secret? Uh to get the time as I want.

Um so when I came back from my college, it was like 5:30 or 6. And uh till eight, I had time to do something of my own. Um to learn or to spend time, I can spend it or waste it, that's up to me. So I tried to spend it on learning because that was a fresh mind. I was very young. I had the maximum amount of, you know, energy that I can give to something. So I gave all of it to learning.

So you're not the party mode kind of person, okay. Ha, I went to college just for a party and came back, just played cricket and then go home. Because the reason I want to ask this question is, if someone is seeing this, so Ansh is not just a smart person in this industry. He is carrying 4 lakh subscribers and, you know, I've seen a lot of people tag Ansh for their OSCP credibility and all that. So if someone is saying that okay, he was ahead, you know, there should be a reason for that. And that's why I asked this question, like, you know, it means during the time of college when people were doing parties, you were doing studies. You were planning your future, correct me if I'm wrong. So there will be some compromises you did; the golden phase of every student in college, which you spend on personal things, instead of that, you built your academy there. Correct me if I'm wrong.

Actually, you need to sacrifice something to achieve something. Um and that's what happened with me as well, like I skipped parties, I skipped get-togethers and I only kept those friends which were, you know, learning with me. And at least trying to learn and build something. So I had some good friends and they are still connected to me and I'm glad that they are, but there were many friends which uh had a grey influence on me, so I didn't keep much with them.

But will you regret that I should have had more good time and I, you know, there's something I missed, I should have done that instead of doing studies? At any point of time, like did you feel like that?

Um actually, no. I don't regret much because that's what brought me here today. So um yeah, uh so I didn't, like it's not like I didn't attend anything. I did try to be as social as I can, uh with the few friends that I have, like I only had two or three friends, close friends. So I maintained with them. I went to some outings, I spent time with them, so it's balanced. It's all about quality, not quantity, yeah. Yeah, exactly. Yeah.

So Ansh, uh as you said, you were in college and during the time of college, you did your preparations, you were doing this practice of labs and all that. Uh have you attended any trainings, or was everything self study? What was the sequence of learning of your cyber journey, yeah, if you can share your insights on that area?

Um it was very scattered, to be honest. Like at that time, the content was not very structured. Um there were some websites like Null Byte, um Tutorials Point, JavaTpoint, SecurityTube. SecurityTube, yeah. And some YouTube videos, like Null Byte had YouTube videos, Computerphile, and I don't remember more of them. But yeah, those were some resources I used, those were scattered, and I also had some GitHub pages uh that people made on content. So first of all, I got to know about CEH. Uh so then I went to the syllabus of CEH, what all is taught, and then I used those syllabus content points and I independently researched on them. Excellent. So that's how I learned, like one thing at a time. I did the theory, I learned the concept and I backtracked what I didn't know. I went to the basics and came back to that topic again and then I practiced it on the practical side. And uh I recently started to install multiple OS on my laptop, like Windows with Kali, and then I practiced on Kali and dual boot. I installed packages and uh I also did some WiFi hacking at that time. So I was like mildly childish still, but I was trying to learn the more professional side in college.

[35:15] Brutal question here is, will that course be a job ready program?

Uh it will, uh as an individual course, it will help you a lot on the web side, you will be very proficient in web. But for a job, you don't only need web, you also need cloud, you also need Android literacy as well. For interviews and all, I said I'll bring two courses this time, this year. One is for Advanced Web and another one is for AppSec, the whole AppSec thing, like white box and source code testing. So those two combined will give you enough skills to get to the interview and pass it.

Excellent. And how did you get your first job? Because there are a lot of people struggling to get the first job. So do you want to share that mantra? How did you get your first job?

So that's one sad thing, I would say, that at the end of my college, um like towards the end of my college, towards the third year, I actually locked in cyber security as my career. I didn't want to go anywhere like software development or SD kind of roles. I locked in cyber and then I started to dedicate myself to cyber. But I was insecure at that time. What was the year? What was the year of that? Uh 2019. Okay. So I was insecure because I thought I don't know enough, because there was one certification at that time, ISCP, that is a child of OSCP. That I tried to clear, but I couldn't clear it. So I was not uh very confident on cyber security. Who thought this guy having OSCP and always see.

[37:25] So at that time, uh I thought, okay, let's have a backup plan. I will study for GATE and if I couldn't crack a job in cyber, on campus or off campus, I'll go for GATE and go for higher studies, and let's see what happens. So I was trying to have a backup plan. So actually my time was split between cyber and GATE. So I had to spend half of my time on GATE as well. So at the end of college, where other people um got some jobs, they cracked GATE with good rank, like 100, 200, 500 overall. I got only 2,000 rank in GATE and I was not ready for a cyber job as well. I didn't do any certifications. So I was nowhere. I was not a job ready person at the end of my college. So I thought, okay, let's drop one year and try to focus only on what I want to do. I tried to build my portfolio. Like I gave CEH, I studied for CEH. I gave another one, our HCSI for Linux. I gave these two certifications and then started applying for jobs. I applied to almost more than 100 jobs, and at that time, honestly, COVID was there. So getting a remote job was easy, uh as compared to today. So I tried to apply in many roles around AppSec, around the security analyst role. So I received responses from many, many companies of rejection, but there is one company that gave me hope: Intercontinental Exchange, based in Hyderabad. So the manager, the AppSec manager, reached out to me on email and scheduled an interview, and the first interview was with him. So very general questions like how you started and what do you know and how do you know about AppSec. And uh one thing I remember that he told me is that "I saw your YouTube channel. I saw your public contributions and what you do on YouTube, that's really interesting." And I think that's something that inspired him to select me as a candidate for, you know, this role. And that's very weird at the same time for me, like, okay, something worked, what I did in college.

So you already started with content creation during the time of college and that gave you returns, right? Correct me if I'm wrong. So I started in 2017 and this uh this thing happened in 2021, the job thing. So it takes time.
