Interview with Samuele Gugliotta [ aka 0x3qt ]

Interview with Samuele Gugliotta [ aka 0x3qt ]

Despite the threat of death, some people want it in their hearts to become soldiers or policemen, despite the low pay, many feel they want to become teachers. In the IT world, people want to become engineers, game developers, software developers and despite the seeming difficulty, cybersecurity analysts.


In a way, cybersecurity and its related field, which is generally referred to as computer hacking, has a certain appeal amplified mostly by Hollywood features. Hacking holds the promise of thrill, excitement, challenges and ultimately satisfaction when certain systems are cracked.


The processes however are often too technical and complicated for the average IT worker. Hacking, and thus cybersecurity requires talented and dedicated individuals to rise up to the challenges of breaking into systems or protecting them. Here is the story of Samuele whose chosen or destined path is as a Cybersecurity professional.


How did you get started in cybersecurity? When did you first become interested in hacking?


Sam: I started my path in cybersecurity as a good noob, landing on forums like CrackNoW or Inforge.
It was the historical period when the average user was having fun with batch, so using "@echo off" and ":start" he was feeling like a malware dev printing random numbers in 0a. So... banned by the admin shortly afterwards.

I approached cyber security for hobby as a self-taught, rather than for interests related to a professional growth. The high school I attended was something totally different; the graduation, the same.

Once I had finished my education at school, confident of what I had learned, I decided to invest economically in my growth, in accordance with what turned out to be my real interests, starting a Master in IT Security lasting a year and a half. The final evaluation was 100/100.

During this period, I started working in a private start-up, where I started to create some baseline policies, doing some OS and application hardening and high-level vulnerability scanning. Shortly afterwards I took my first intermediate level certification, CompTIA Security+. After 2 years I began to feel that my growth at the skill level was starting to be static and that I could not learn much more from them.

Samuele Gugliotta


So I started a career with a different company. Here I started to understand what I wanted and what I didn't wanted to become.

I spent the first month as a SOC Analyst, but the role was tight to me and my interests were more inherent to the SQLi payloads landing on SIEM. I was then put on development projects, but my interests were more inherent in how to exploit the vulnerabilities that my colleagues left out to get to the RCE.

That's the point, it's all started out that way. By attempts and exclusions, the aggressive mentality and an offensive approach became increasingly clear.

I don't think I chose this path, I think it was this path that chose me.


Motivation and inspiration here played an important role in my growth. I began to identify my idols and plan goals that I would like to achieve over time. I cannot fail to mention Andrea "theMiddle" Menin and Darix "KNX" Deros. Rev3rse Security, the community, as well as the youtube channel they have set up in recent years is the reference point for many professionals and cyber security enthusiasts.



The technical contents of the channel are of an undisputable quality, and personally, they inspired me a lot on a technical and personal point of view, positively influencing my growth.



I took my second certification, the EC-Council CEH. Here I felt really satisfied. I took the exam around the time the CEHv10 came out, so I wasn't spared from the practical exam. AWESOME!



I've enriched my journey with a lot of certificates of continuing educations on Cybrary, a platform that I really recommend a lot, for the quality of the contents and the vastness of the learning paths. I signed up to Hack The Box and completed my first machines.



Here I began to feel confident enough to attend my first events, conferences and CTFs within my country. Among them, I must mention Cyber Saiyan; yeah, the same social promotion association that periodically organizes RomHack, nothing but one of the most popular and expected hacking events in Rome. Their initiatives are highly formative and have inspired me and all the friends and colleagues I dragged to their aperitechs.

In the last period I have reached some milestones on HTB, taking and holding the 1 # place in Italy with my team, called "Et3rn4LBlueTEaM", as well as the 8 # in the global hall of fame.
I started to approach with Bug Bounty Hunting in recent six months only, starting to find my first vulnerabilities. I started with open redirect, followed by some XSS.
I plan to go deeper into this area and start taking it more seriously, perhaps in the future as Nahamsec and Stök are already doing.

What is the proudest moment of your career?

Sam: Considering the fact that I am still at the beginning of my career, what I am certainly most proud of is the clarity of how I see my path, the moves which I must and mustn't make, plans and goals which I have for my future. I know who I am and who I want to become.


To be successful in Cybersecurity, what skills do you think are the most important?


Sam: “…As far as I could see, there are two types of person in this field: those who, at the end of their working day, at the stroke of the eighth hour, give up everything because they have done their duty and have guaranteed their pay, and those who, even when they return home, continue to learn and improve their knowledge and skills. There is a difference.


…There are certainly those born with a vocation for this and those who, as in any other professional path, can acquire it with soft skills such as determination, persistence and above all enthusiasm.”


What is your advice for aspiring cybersecurity professionals?

Sam: Put your hands back on! This is one of the few fields where every effort is truly rewarded, if not by someone else, on a personal level.


Find your path and start following it. Cybersecurity is an arm of information technology that branches off into various paths, with everyone diverging from each other. So, pick the area of focus that inspires you most, that is more in line with yourself or, as in my case, start to experience and you'll surely see that the path itself will choose you.


…What else? Don't forget the persistence. Persistence is the key.


 What are your hopes for the future?


Sam: …I hope to continue my growth upwards and with the same enthusiasm in the years to come… I also wish I could spread this enthusiasm to as many people as possible, inspire and motivate, as someone else has done with me in the past.”


As he says, enthusiasm and persistence are keys to achieving any goal. A genuine interest and enthusiasm for the field and the persistence to learn and pursue that calling that leads everyone in their chosen fields.

Leave a comment

Please note, comments must be approved before they are published

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.