I can’t believe it’s been a month already @ Appsecco!

Madhu Akula, Appsecco
Jun 16, 2016

Team Appsecco

Oh boy! What a month it has been!!

I joined Appsecco on May 16th, 2016 and it has been one hell of a ride - full of surprises, lots of learning and a whole bunch of challenges.

Before I start, let me introduce you to Appsecco. Appsecco is a specialist Application Security company that ‘gets’ web security and provides advice on the best route for your business.

A chance conversation

When I chose to move on from my previous employer, I spent some time thinking about the kind of place I wanted to work at and the people that I wanted to work with. Learning new things has been a priority for me and I was ready to work hard to do that. In retrospect, I have always wanted to work with a certain set of people from the Indian security scene — people I can learn from and have fun doing it. Akash Mahajan and Riyaz Walikar are two of them. They have a combined experience of 20+ years under their belt and I’d had great fun interacting with them previously. So they were very high on my list of people to work with.

In the days to come, I received multiple job offers which left me very confused. I exchanged several emails with Akash to discuss these offers and to clear my head a bit.

This is when Akash asked me a simple question:

What was it that I wanted to learn and do at the new job that I would be at?

I had a list of things that I wanted to do:

  • Application Security
  • Penetration Testing
  • Cloud Security
  • DevOps
  • Automation
  • Research & Development
  • Speak at conferences
  • Conduct trainings at conferences

All the while ensuring that I was enjoying doing these things.

Akash asked me to meet him over coffee to discuss a possible opportunity. I readily agreed. Little did I know that a fun discussion over coffee would unlock my dream job for me.

The fun began even before I joined Appsecco

I was supposed to meet Akash at a fancy coffee shop on a lazy Thursday evening. At this point, I wasn’t aware that anyone else had joined Akash at Appsecco. I entered the shop and bumped right into Riyaz. I had no idea why Riyaz was there till I was told that he was there to meet his ‘girlfriend’. He explained that they had had a fight and a discussion over coffee was his way of smoothing things over. I wished him luck and proceeded to find a table for Akash and me.

We had just sat down at our table when Riyaz joined us (without an invitation) and said that he would like to wait with us until his partner arrived. Boy, what a fat lie this was. While I looked completely puzzled and confused, Akash and Riyaz both started laughing at how I had fallen for this story. This was a prank that they both played on me!

We then continued to have a fun discussion over warm cups of coffee and cold smoothies. Akash and Riyaz took turns to explain what Appsecco was all about and how I would fit in. It became clear that Appsecco’s goals were to provide simple solutions to problems and refrain from confusing clients with technicalities.

A lot of interesting ideas, research opportunities, several jokes and the promise of working on interesting things with two of the coolest people I know? I was sold!

The longest wait

All I now had to do was spend my notice period getting up to speed with the latest in the field of security. To get a better understanding of DevOps, Security and Business Process Improvement, Akash suggested that I read The Phoenix Project to understand real-world scenarios. This book is one of the best guides I have read on how DevOps can change the way organisations function and improve their overall capabilities.

Apart from getting up to speed, I had to work on something else — coming up with my job ‘title’. This was an interesting challenge. I wanted the title to be cool like Riyaz’s - Chief Offensive Security Officer. After several iterations, I came up with Automation Security Ninja. Honestly, this is the coolest title I have had till date :)

Learning new things

My journey began with me doing a lot of reading, figuring out new technologies for automation, virtualization and cloud infrastructure setups. This was the best start of a day that I have had anywhere.

During my first few days I was introduced to the following simple Venn diagram that Akash and Riyaz, and now I as well, follow to identify who we would want to work with:

Appsecco formula to identify possible ninjas

During the course of the next several days, I was challenged, learnt a whole lot of new concepts, set up new technologies, broke a lot of stuff, rebuilt it using automation and it didn’t feel like ‘work’ for a second. Everything I have covered in the last month is stuff that I had never done before and had been itching to do all my life (mostly post-college life :D).

Some of the things I do as part of my everyday work include:

  • Contributing to the community by learning Ansible & Docker. It started with writing simple playbooks for PoCs. Researchers can set up these PoC environments in seconds using the scripts I created. An example of this was the reverse shell on node.js ansible playbook.
A tweet from Riyaz linking to my github commit
  • Learning and sharpening real-world penetration testing skills. We set up labs, break stuff, reset and repeat when required. Learning Windows pentesting skills from @wincmdfu himself!
  • Building multiple PoCs across servers, stacks and cloud providers. These tasks specifically raise my confidence to new highs knowing that when you understand the basics, you can build anything on top of it.
  • Documenting all my work, version controlling it and presenting it with markdown, raneto and reveal.js.
  • Researching vulnerabilities in the technologies we are trying to set up. An example was when, using open source DevOps and CI/CD software like Gitlab, I found a vulnerability that gave me unauthorized access to all other private projects.

Every day is a learning opportunity at Appsecco.

My coworkers at Appsecco

I remember my first day very clearly. I was excited yet a little apprehensive. Akash and Riyaz had been working in the industry even before I finished my schooling! Working alongside big names like them was a dream come true, which was part of the reason for my nervousness. How very wrong I was to be nervous. They are two of the most patient, technically competent and fun-loving people. And I am not just saying this because we work together now!

Working alongside Riyaz, our Chief Offensive Security Officer, is a lot of fun. He has the knack of breaking down complicated (Windows or non-Windows) concepts into simple ideas. Apart from being extremely competent, he is a major troll as well. He does not leave an opportunity to pull my leg. I have learnt to troll him in return, and that’s something new that I had not expected to learn.

Riyaz loves to take selfies with his awesome S7

Akash is like a mini encyclopedia. He knows a lot of things about a lot of things. You can ask him about container management and he will point you to http://mesos.apache.org/ or you could ask him about the fastest way to get to Leh from Delhi and he would tell you that as well.

Simply being in the company of these two has taught me so many things. Things that most of my higher education failed to teach me - life skills, hacking skills, communication skills and tea making skills as well :)

Chris and Gwil are our champions from the US and UK respectively. They have multiple roles and they wear multiple hats based on what they have to do. Bringing in the business to Appsecco, Chris and Gwil are as much fun as they are tall (hint: they are very tall!). Bangalore drinking parties are uber fun in their company.

Exciting times ahead

Every security researcher dreams of speaking at Blackhat and Defcon. Akash encouraged me to submit a workshop at Defcon this year and our Ninja Level Monitoring workshop got selected for Defcon 24, Las Vegas. Riyaz and I will be presenting this workshop with hands-on exercises and demos in the first week of August.

Our hiring policy simply follows our Venn diagram when choosing who we work with, which makes Appsecco unique in the league of the other companies I have worked with or interacted with.

It’s been just a month and I’m doing all of the things I wanted to do in my list.

  • Application Security (check)
  • Penetration Testing (check)
  • Cloud Security (check)
  • DevOps (check)
  • Automation (check)
  • Research & Development (check)
  • Speak at conferences (check)
  • Conduct trainings at conferences (check)
  • Having fun doing all of this (CHECK!)

My work profile couldn’t sound any better. And, my journey has just begun…

At Appsecco we provide advice, testing, training and insight around software and website security, especially anything that’s online, and its associated hosting infrastructure — Websites, e-commerce sites, online platforms, mobile technology, web-based services etc.

If something is accessible from the internet or a person’s computer we can help make sure it is safe and secure.
