SFCS: Interview Ethical Hacker Andrey!

 We connected with Ethical Hacker Andrej [ @dreycoding ] to learn more about his journey into cybersecurity. Andrey shared some great advice on how to get started in the industry as well as helpful infosec personal development resources.

We hope by reading Andrey's story, our readers will get a better idea of the varied routes people take into our industry and the range of skills required to be a great ethical hacker! Let's take a look at Andrey's story. 

How did you get started in cybersecurity?

It all started when I was probably 6 years old. I wanted to get free coins for online games but I found out it's just a fake and cruel world. I realized there are no "secret hacks" in this world and that I will need to work hard to accomplish something. That made me mad but I wasn't deterred. I thought: "I'll come back for you soon".

So I started playing around with computers and learning how they work. Before long, the dream was set and I was 100% sure that soon I'm going to be a hacker.

Around a year and a half ago, stuff actually started to happen. At school, we started learning Python, although most of the school computers didn't work at all. So I took stuff in my own hands and as soon as I came home I started reading online books and writing my code. This got me really hyped.

The teacher suggested I try a national tournament exam to test my skills. The exam was more hardware-related rather than programming itself, but it ended up good. I finished 2nd in the whole nation of Serbia, and that is when I got my first "bounty" of 500$.

I was like: "Andrey, the future is right in front of you, do you choose to go down this path?". The answer was obviously yes.

I started coding my first game in python (which of course had a lot of errors). I reached out online to my good friend Sumit [ @sumcodes ], who helped me. He really motivated me and introduced me to a real-world hacker, who went by Neo. He put me on a path and if he wasn't there for me I wouldn't be where I am today.

I learned that there's no limit on how much I can learn, and also that engaging with the infosec community is essential. I wanted to give help to others the same way I had been helped. So, I started my Instagram account that was the moment everything blew up and I couldn't stop learning.

Also, I would like to thank Kush Mehta [ software_user23 ] for introducing me to the HackTheBox penetration testing platform where my knowledge reached another level.

What do you like the most about the cybersecurity community?

The cybersecurity community is probably the cleanest of all communities out there, and that is what I like the most about it.
What I mean by that is that the community is full of good, respectful, and positive people.

If I'm being ruthlessly honest, I wouldn't be here talking to you if this community wasn't alive. At the beginning of my career, I thought I thought I could do it all alone. That is even how my HackTheBox team name Rogue came about (lonely walking wolf).

But I figured out in the end that Google couldn't answer all of my questions. So I started thinking: "Hmm... Andrey how do you meet someone who really knows how to help you?". So the only logical answer was to make them come to me. That is how my page started, and I'm very grateful for that.

Thanks to all my infosec friends, I truly feel obliged to have the privilege to meet you all and grow together with you all.
Conclusion: You do need people, that is how your knowledge grows, helps you meet new friends, and have fun hacking!

What are your hopes and plans for the future?

My hopes and plans for the future are simple, I want to succeed in being an ethical hacker by achieving my goals. My short term goal is to keep learning and become good at reverse engineering. I want to focus more on bug bounty hunting and also reach first place in the HackTheBox ranking for my country.

My long-term goal is to get a job as a penetration tester outside of Serbia and use the knowledge I gain to come back here and build up the cybersecurity community in Serbia. I also want to finally experience a DefCon live event in all of its glory.

What skills do you think are required to be a good ethical hacker?

1. Get a Linux based OS

2. Be the master of your terminal (I suggest overthewire.org to practice).

3. Learn a programming language and a markup language (I suggest Python as your starting one).

4. Learn about basic web application vulnerabilities (checkout OWASP top 10 or Portswigger academy).

5. Learn networking - This is important to know, otherwise, you won't understand 85% things that you are currently learning/doing (you can checkout CCNA free course by Cisco to get started)

6. Practice all types of CTFs - no matter if it's Attack Defense style or jeopardy you will learn a lot of skills like cryptography, forensics, steganography, reverse engineering, and pentesting in general.

7. Read books!!

8. Have patience!!

Do you have any advice for aspiring cybersecurity professionals?

- Never think something is too hard for you! Stay informed and keep up. Even when things feel slow, remember that you are already 10 steps ahead of people that are sitting on their chairs and watching their TV. You are better than that! 

- Listen to wise people. If something you don't know goes through your ear and you don't google it, you are already losing.

-Master the skills needed.

-Don't underestimate yourself or overestimate yourself for being not able/able to do something. Stay in the low middle.

-Don't get into DDoSing, it's a never-ending black hole.