Hacker Story: Cristi Vlad

Industry

Hacker Story: Cristi Vlad

I never thought I would end up working in cybersecurity, even though I should have seen it coming.

Growing up as a kid in the late nineties, I always had an affinity for computers. I remember my parents bought our first computer when I was in first grade. It didn’t take long until I broke it.

It came with Windows 95. Soon after, I broke it. I think I deleted a crucial file needed in the bootup process. Mom and dad took it to the repair shop and it took almost one month until they got it fixed (probably not because of the seriousness of damage I’d done, but because they were too overloaded with work).

Oh, the joy when it returned home right before Christmas! As the exhilaration faded away, I realized this situation would happen again in the future; because of my extremely curious nature and my never-ending ability to mess things up.

I was right. A few months later I broke it up (again). I couldn't bare being away from the PC for that long, which is why I tried fixing it myself. And to my surprise, I made it run after a couple of days of swimming in an ocean of floppy discs and computer parts.

And That’s How My Story Starts…

Then, life happened, I grew up, years later got a degree in Civil Engineering, and was about to start working in that field. During this entire time, from childhood to adulthood, the PC, then the laptop, then the Android had been an integral part of my life. I learned their insides and their outsides through a lot of trial and error.

(Luckily) I didn’t get a job in Civil Engineering because I wanted to give my lifetime passions a shot. After making some money writing books about my other passions (biochemistry, medical research, nutrition, and fitness), I decided to learn to code.

Long story short, messing around with Python brought me to Backtrack, which later became Kali Linux. I played around with weak SSH and IRC bots. Then, discovering SQLi and other misconfigurations in the wild, long before CTFs and HTB-like platforms were a thing, long before responsible disclosure platforms. It was all fun.

With no degree but just some practical experience on hand, I tried networking and talking to relevant people in my small town. Somehow, I ended up working for three months with a local software company as a one-man cybersecurity department. It was fun but chaotic. They sent me to Defcon (and I appreciate them for that!).

Then I joined another company as a pentester. I also did a few bug bounties here and there until I got put off by the shady practices of many of the companies in this field and the whole triage process which is more often than not unprofessional. I’m more fond on researching and discovering vulnerabilities in the wild and responsibly disclosing them. I do this in a very small fraction of my spare time, after completing all my daily online and offline objectives.

I worked with that company as a pentester for a year and a half (if I remember correctly). Then, I began working with another company, that pays better and gives me pentesting and appsec projects on an ongoing basis. I also joined RedSentry just recently and I got a few projects with them so far.

Bottom Line

All of the jobs I got so far had been obtained by leveraging the power of networking, talking to, and getting to know people. And none of that involves the formal hiring process where you are being tested, talk to HR, and you are being interviewed multiple times. I’m not into that. I showcase my skills in my write-ups, blogs, Youtube videos, and the few disclosure programs I participated in. And I think this is the major takeaway from this short personal recollection.

I’m not sure how long I’ll be in cybersecurity. I know I love the hell of what I’m doing right now, but I also know that I have deep unsatisfied cravings that involve machine learning, applied mathematics, bioengineering and biomedical research, and robotics. Thus, the story remains to unfold.