Roles worked: Security Engineer, Application Security Engineer, Penetration Tester
Current Company: Allstate Insurance
Interview: 12/27/2022
What skills or information did you pick up in the program that has proven useful in your work?
In my day-to-day work I regularly use the skills I gained from the Application Security track along with CodePath, as well as becoming comfortable using the command line, which I learned slowly from many of the courses at Merritt. I learned so much from every class, but learning the foundations of different security domains both helped me understand what I was interested in and gave me a well-rounded education.
Are there any resources you would recommend to students that supplement the program well?
It’s great we have so many resources to learn from and platforms to practice on. In my experience, it can be easy enough to wrap my mind around concepts on paper, but I will only really gain it as a skill when I’ve struggled and then digested a topic through hands-on exercises and challenges. There are some resources I’d recommend which are just text or movies, but that should only be your first stop.
* TryHackMe: Full of hands-on exercises for different security topics, TryHackMe prepares environments for you with detailed instructions to follow. This is great for the beginning steps of learning a new skill as it allows you to put your hands on the keyboard, but within a narrow lane where you won’t get lost.
* The Web Application Hacker’s Handbook 2: Written by the author of the famous tool Burp Suite, this is a book detailing countless numbers of web attacks. Recommended for anyone interested in application security or penetration testing.
* OverTheWire – Bandit: The Bandit wargame from OverTheWire is a set of progressively more tricky privilege escalation challenges. This taught me a lot about Linux command line usage as well as Linux privilege escalation.
* CodePath: CodePath followed the OWASP Top 10 and gave me great early experience crafting web exploits which I use every day doing application pentests. It was very challenging at the time, but very fun to work through with my classmates.
* HackTheBox & VulnHub: These platforms both provide you with vulnerable machines you can learn hacking on. Without using walkthroughs these can be quite difficult challenges, but have been somewhere I can really test myself and see what tools and techniques I can use from my arsenal.
What did you like about the NCL and what skills did you learn from competing?
Participating in the NCL is something I think really propelled me into the Cyber Security program. With all of the different categories of challenges they have for you to complete, this was my first time being exposed to a bunch of security concepts. Every round they always were throwing in situations where you were forced to quickly learn the basics of some new technology. It taught me to “just go for it” when it came to quickly picking up new tools and reinforced the skill of teaching yourself new things. Not only was it really fun working with classmates and representing Merritt by placing well during the team games, being able to place way better than I really expected during individual games gave me confidence I was learning all the right stuff to compete at a larger level against people going to more prestigious schools.