SecurityStories

SecurityStories - 52 Weeks, 52 Stories

Story - 2: Featuring Sumit Grover

Sumit Grover

Today, through the SecurityStories series, we are excited to bring forward the story of Sumit Grover, a highly skilled ethical hacker from India. So let’s jump straight into learning more about him and from his experience.

Question: Could you briefly introduce yourself?

Sumit: Hi! My name is Sumit Grover, and I’m passionate about computer security forensics, and I’ve been a full-time bug bounty hunter for the last seven months. I came across the term “bug bounty” about two years back while watching a security-related video on YouTube. After that, I registered on all available platforms while unsure how to begin. With some experience in vulnerability assessment and penetration testing, I slowly started reading Medium articles and other blogs on bug bounty. That’s when I came across Luke’s (@hakluke) automation for Subdomain Takeovers. I then started using these techniques and refining them almost every day. After some time, I found my first subdomain takeover and began the actual journey in bug bounty.

Question: How did you get started in Cyber Security?

Sumit: The Cyber Security journey began with a Discovery Channel show on Hackers featuring a story from Ernst and Young a long time back. This show inspired me to get into cyber security and be an ethical hacker. So back in 2005, I completed my Certification in Ethical Hacking.

Question: What were the initial challenges and blockers you faced?

Sumit: Back in the day, finding and reporting vulnerabilities you’d come across on the internet to the responsible teams was a big challenge. For example, I still remember a price change vulnerability I came across on the Indiatimes Shopping website while making an actual purchase. Still, it took me many rounds of emails to finally get their attention and have the fix in place.

Question: What is the learning methodology that you followed or that you still follow?

Sumit: As a learning process, there will be better mediums, so I go through Medium posts, blogs, YouTube videos, and Twitter feed to learn about the specific topics of interest. I also connect with people to discuss my challenges and share my experiences with them.

Question: What all certifications do you hold, and what all certificates would you recommend to the readers?

Sumit: I’ve successfully only completed CEH and attempted the CHFI certifications for now. Depending on the role people are targeting to achieve, knowledge is more important than actual certifications. Having credentials may only get you into the job role, but one can only be successful with the basic know-how of the tasks.

Question: What is your favourite thing to hack on?

Sumit: My favourite bug has been Subdomain Takeover, and it continues to excite me to hunt for them after three years.

Question: What does your tool arsenal look like - Could you share some?

Sumit: I use recon tools and methodologies to collect as much data as possible and do this every day. The recon toolset I use is already known to the public, like Amass, Findomain, Subfinder, Sublist3r, Assetfinder, etc.

Question: How do you cope with burnouts?

Sumit: Honestly, I’m yet to experience my burnout, since I’ve made sure to spend time with the family, learn new tricks, optimize my automation workflow, etc. I keep taking break sessions while still having those dedicated, focused moments to hunt.

Question: What would you advise the newcomers in Cyber Security?

Sumit: It is essential to know about everything in Cyber Security, but it is most important to be a specialist in at least one technology/process. Learn about everything happening in the industry while you master one skill that you enjoy. This is important from my experience.

Sumit: I’m active on Twitter and get all the latest news and connections from there. Along with that, I’ve subscribed to blog posts and Medium users sharing the topics of my interest.

Question: What’s your life outside hacking?

Sumit: I’m very social and spend quality time with family and friends. I enjoy travelling and am a big-time foodie. At the same time, I also enjoy occasional cooking for the family.

Did you find Sumit’s story interesting and inspiring? Please share it with your friends and colleagues to spread the word.

We will be coming up with more exciting and inspiring stories weekly.