Team Reflections have had the opportunity of interviewing Nirali Shah, who is a Software Engineer in the field of Information Security. She has also been a speaker at c0c0n XII and has been associated with Nullcon and many such communities.
1) Could you briefly highlight your journey in the field of information security? Also, mention who was and is your current inspiration in this field.
==> I was lucky to have landed a job as a software engineer in Information Security soon after my graduation. Though I had no prior experience or exposure to the field, I learned a lot over the past three years. I have worked on the development and engineering of projects for PKI management, securing sensitive data, and scanning and auditing the security posture of Public Clouds and container-based environments like Kubernetes. I also earned my GPEN and GWAPT certifications. I have a very motivating team that makes me look forward to learning something new every day.
2) We have seen your enthusiasm in this field and we are very proud of the work you do. Would you also share your views on Women in the area of information security? Please let our readers know about what the driving force has been behind “Winja” and its inception.
==> I first participated in Winja in 2017 during my first visit to Nullcon. I was delighted to learn about such women-only opportunities, and it felt empowering. Although I was very new to the idea of CTFs and couldn’t really solve any questions, it was a good experience collaborating with other women to try to crack some challenges. I was back at Nullcon and participated in Winja again the following year and was able to solve a lot more challenges than the previous year. By 2019, I was part of a team creating CTFs at my organization. The Winja contest itself and the SANS vouchers distributed to the winning teams of the game are a fantastic way to encourage women to step into Cybersecurity and provide a training path to interested and talented women in the field.
3) What has changed in your thought process after Winja?
==> The CTF has helped me learn different domains for penetration testers in this field. It has mainly got me interested in OSINT and network-based vulnerabilities and exploitation techniques.
4) How do you see the changing times for the world of mobile security? Could you share a few resources and prerequisites for beginners in the field of mobile application pen-testing?
==> I have not worked on native mobile application security. But as far as web applications that run on mobile devices are concerned, most of the vulnerabilities that exist in desktop web apps also exist and are exploitable in mobile web apps. The OWASP top 10 guides are a must-read and fundamental resource to get started with for any newbie in the field.
5) What is your take on students attending/participating in security conferences? Share your experience being an active speaker at various conferences.
==> I attended a bunch of big conferences like Nullcon, Cocon, and DSCI before I gave my first talk at one. I delivered a talk last year on the topic of building a framework for auditing public cloud security at the Cocon 12 conference. Attending security conferences has two benefits – you get to learn about what’s trending in the industry, and you get to meet like-minded people who are very willing to help you at every stage of your journey. Giving a talk also brings you more visibility and a better audience to listen to your ideas and provide you valuable feedback.
6) What to expect from Winja 2020 CTF?
==> Questions on Web, Network, and mobile security, exploiting binaries, OSINT, and cryptographically vulnerable applications, and a lot more…
7) Your message to the budding women in Information Security?
==> Don’t be afraid to step out of your comfort zone, take help, or ask questions, no matter how basic they sound.