SecurityStories

SecurityStories - 52 Weeks, 52 Stories

Story - 15: Featuring Kishore Krishna Pai

Kishore Krishna Pai

Today, through the SecurityStories series, we are excited to bring you the story of Kishore Krishna Pai, a seasoned security researcher from India who is currently settled in Australia. So let’s jump straight into learning more about him and from his experience.

Question: Could you briefly introduce yourself?

Kishore: Hi all,

My name is Kishore Krishna Pai. I am working as a Senior Pentester.

I am a self-taught Cyber Security Senior Consultant with a passion for programming and a penchant for learning new technologies. I have been a reliable team player who envisages and develops production-worthy systems and applications for my clients.

After 8 years as a programmer (JAVA), I switched to cyber security. I became a Bug Bounty Hunter and eventually a Security Consultant.

Question: How did you get started in Cyber Security?

Kishore: Hi all,

My name is Kishore Krishna Pai. I am working as a Senior Pentester.

I am a self-taught Cyber Security Senior Consultant with a passion for programming and a penchant for learning new technologies. I have been a reliable team player who envisages and develops production-worthy systems and applications for my clients.

After 8 years as a programmer (JAVA), I switched to cyber security. I became a Bug Bounty Hunter and eventually a Security Consultant.

Question: What were the initial challenges and blockers you faced?

Kishore: My experience as a developer helped me a lot. I was able to pick up things really fast. The challenges I faced were mainly mental, where I was challenged to accept the bad side of bug bounty programs, wherein they don’t pay you, and I felt cheated. I had to accept it and move on.

Eventually, I stopped doing Bug Bounties. I am in no way good at Bug Bounties because of this.

Question: What learning methodology did you follow or still follow?

Kishore: I try to learn from different sources, i.e. videos, books, practice labs etc. I skim through the topics on the first, and in the second, I take notes and try to understand the concept.

I try to contact an expert in that field and have a chat and take their opinion about what is the best way to learn a new skill.

Question: What all certifications do you hold, and what certificates would you recommend to the readers?

Kishore: I currently hold the following certifications: CRTP, eWPTX, OSCP, CREST CPSA, CREST CRT.

I am not a big fan of certs. But the industry gives very much value to these certs. So I had to do it to land a job.

I recommend the OSCP cert as it’s a well-valued certificate in the industry.

Question: What is your favourite thing to hack on?

Kishore: I like looking for Access Control, Authentication, and information disclosure issues.

Question: What does your tool arsenal look like - Could you share some?

Kishore: I use only a few tools other than Burp Suite, such as Nuclei scanner, SQLMap and other tools depending upon the project. I just search in Google and use it.

Question: How do you cope with Burn Outs?

Kishore:

Question: What would you advise the newcomers in Cyber Security?

Kishore:

  1. Try to be humble. This community is very small and has a lot of beneficial people. Take an approach of growing together rather than focusing only on your own growth.
  2. If you can get hold of a Mentor, your growth will be much faster. Anyone can approach me if you need any suggestions/guidance. I am not a pro compared to many legends in the community, but if you are a beginner, I can help.
  3. Learn at least one programming language. Try building a website using any new technology stack. This exercise will help you immensely.
  4. Take it slowly. There is a lot to learn. You will get there. Don’t be disheartened by the success of others. You will be there soon.
  5. If you climb the ladder by pulling someone down, the same will happen to you eventually. So having an excellent helpful mentality is very important. I am not trying to give a lecture on philosophy here. I have seen in the CyberSec community the value of having good connections is unbelievable. So if people think you are a nice person without much greed, you will be surrounded by like-minded, helpful people and reap its benefits.

Kishore: I used to be very active on Twitter. But not now. Twitter is a good source for keeping up with the latest happenings in Cybersecurity. Nowadays, I just read the newsletter circulated in my office, which is very good and keeps me updated.

Question: What’s your life outside hacking?

Kishore: I am a son, husband and father. I like spending time with my family and playing with my daughter and dog. My favourite thing is those moments of solitude I get when camping or being in nature without any company.

I like to travel. Most of my travels are away from busy cities.

Did you find Kishore’s story interesting and inspiring? Please share it with your friends and colleagues to spread the word.

We will be coming up with more exciting and inspiring stories weekly.