We had the opportunity of interviewing Ms.Sneha Rajguru who is the fo
under of WINJA which is a platform to promote and celebrate women in security. Sneha is currently working as a Staff Security Engineer for Byton and has been in the field of Information Security for over 6 years now.We present to you the excerpts of our candid conversation
Describe Sneha Rajguru in seven words
Breaker, Hard Worker, Active Listener, Introvert, Mystic, Empathetic.
Could you briefly highlight your journey in the field of information security? Also mention who was and is your current inspiration in this field.
I got in the field of information security since my schooling days, by then I knew what hacking was and it was really very fascinating for me to see how a hacker could just change the homepage of website and rip of the database from the web-application’s server.
One day while returning from school, I came across an advertisement which said “Hackers are here, where are you???”, and that was it, that’s when I decided to get into cyber security and began to learn the working of web applications, to build and how to hack one – well that’s the coolest part.;)
Knowing that I always wanted to be a WhiteHat, I took a step ahead and achieved various certifications in the field of security, by then along with my graduation degree I had almost 11 other certificates related to information technology, and ever-since I have continued my quest to find vulnerabilities within the applications and continuously learn new techniques and now there is no looking back.My parents have been a great inspiration and support to me, they always persuaded me to take up “Information Technology”, as a field of career and studies, maybe they had already realised my passion towards computers. In addition to my parents I get my inspiration from everyone who are working everyday towards securing the cyber space.
I have seen your enthusiasm in this field and we are very proud of the work you do. Would you also share your views on Women in the area of information security? Please let our readers know about what has been the driving force behind “Winja” and its inception.
Thank You!
Well, there many amazing women in the field of information security, it’s just that there are some visibility issues. Though this field is extremely technical and aggressive at times, yet its very diverse.
Talking about the driving force, well it has a story; While in college I was introduced to null – The open security community. I really liked the idea where security experts and enthusiasts used to meet on monthly basis and share the knowledge and technology that they had mastered. While attending these sessions it occurred to me that women are rare speaker/trainers in information security and this needs to be changed. This is what lead me to form a community which serves as an ideal platform to attract and promote information security among women. We try to provide all possible help and support to the women who need guidance/advice to excel in this field.
How has your experience organising Winja in Nullcon and c0c0n been? Also share your experience being associated with the null Pune chapter.
My experience in organising Winja at various conferences has been very challenging and a good learning experience. Trying to attract more women and give them a platform to explore their technical skills and to geek out without feeling intimidated, is a challenge itself. Since, Winja-CTF is a complete hands-on event which renders to real-world hacking challenges and designing these challenges all by myself becomes a difficult job at times, but I strongly believe in the motive that Winja servers and that’s what keeps me going.
I have been serving as a Moderator for the null-Pune chapter, it’s been a very interactive and motivating task. Trying to reach out to the people, ask them to present or teach others also provide them guidance and motivation, it gives me a sense of satisfaction that I could help people on local level maybe be it with their confidence in presenting a talk, or choosing topic or helping them with problems and challenges in cyber security, also providing a career guidance, it’s a big responsibility.
How do you see the changing times for the world of Mobile security? Could you share a few resources and prerequisites for beginners in the field of mobile application pen-testing?
Usage of mobiles is increasing day by day, it’s a device which tries to build a sense of confidence and ease of use and best way to connect to the world and portray a lifestyle, these are tiny but extremely powerful handheld devices with elegant styles and design, but having these elegant designs does not always provide proper security.
The goal of mobile security has now shifted to that of being more educational rather than technical. People need to realise that mobile device security is an ongoing measure, it’s important to keep the data encrypted on mobile devices, always update the OS and apps, and prevent jailbreaking on smartphone and not to side-load the applications.
Some resources:
OWASP_Mobile_Security_Testing_Guide
The Mobile Application Hacker Handbook
Google Android Enterprise Security Whitepaper 2018.pdf
What is your take on students attending/participating in security conferences? Share your experience being an active speaker at conferences such as Nullcon, Defcon, BlackHat, CCC and c0c0n
Yes. Students should definitely be provided with the opportunities to attend and participate in the security conferences. It is important for students to be exposed to the industry and the real world security challenges early in their career which is why attending conferences gives them the opportunity to learn about the latest trends and cutting edge research presented at security conferences. These conferences also have an aspect of exposing the students to more “educational opportunities”, and also provide a good opportunity to network.
For me it has always been a great learning experience, I get to talk, listen to others and be exposed to the latest trends in cyber security. Networking at conferences is also very important to me.
When you are not researching in information security, what do you do?
I like to spend time with my family and drive to unexplored places
What to expect from Winja 2019 CTF?
Winja-CTF, gives a platform to the women from all skill levels to participate and learn.I try to balance the challenges ranging from easy to medium and difficult as well, so everybody gets to score on the challenges without being confused or feel intimidated. And this has been a huge success for the past years. This year I have followed a similar approach with some more robust challenges.
Rapid Fire:
Your favourite place in Pune: Independence Brewing Company (Mundhwa)
Your favourite marketplace in Ulm: Ulmer Münster
Your favourite movie: Star Wars – (Episode III revenge of the sith)
Your favourite book: Digital Fortress (by Dan Brown)
An accomplishment you are proud of: Winja-CTF
A must visit website for tech geeks: Reddit, Hacker News, etc.
Would you like to visit SCIT again? Certainly!
