From our childhood, it has been taught to us, When we intend to achieve something with our mind and heart, we overcome every obstacle in its path. Offensive Security Certified Expert (OSCE) certification is one of the most stringent and intensive 48-hours examinations in the cybersecurity domain. It’s one of the most difficult but lucrative roads to achieving a successful career in the cybersecurity field. The OSCE certificate proves that one has mastery in advanced penetration testing skills and can think outside the box laterally and perform under pressure.
“The road to your success is not a highway. You have to create it as you go.” Bangambiki Habyarimana, quoted in his book The Great Pearl of Wisdom.
Swaroop Yermalkar, Head of Cybersecurity, HackerU India & Expert Faculty at Jigsaw Academy, had taken the OSCE examination and cleared it with flying colors.
Let’s hear from the expert himself about his journey to this success.
- How did you prepare for such an intensive test as OSCE?
OSCE preparation requires lots of dedication and consistency. I was teaching exploit development for Red Team Batch students and I realized I should go further and challenge myself.
Being head of the Cyber Security Program, my schedule was super packed! I hardly used to get time to study during the day. So to prepare for this exam, I used to wake up at 4:30 AM every morning and then study till 7:30 AM. Again after coming from the office, I used to study from 9 PM to 10:30 PM for almost 2 months.
The good thing was I already knew many exploitation concepts and it was more like revising the concepts and practicing different techniques.
- Did you clear this examination in the first attempt? What mistakes do learners usually make during the preparation that they’re not able to make it in the first attempt?
Yes, I cleared the exam in my first attempt. It was a total 72 hours exam (48 hours for cracking the boxes and 24 hours for reporting). In the first 10 hours, I was not able to crack even a single machine and I thought I won’t make it this time! I took some rest, refreshed myself, and after that, I tried connecting points and slowly I started getting success in cracking boxes. Exploit development is an art and I would say you can’t just learn it overnight or in a period of one month. You will require lots of practice. So for learners, I would suggest not to hurry for exams. After all, your skills are most important and it takes time to get them developed.
- Why is OSCE certification so challenging to crack?
OSCE is tough because it evaluates your skills in different domains of security. In most of the exams, we use already available exploits or make some modifications to it. However, in OSCE, you need to develop a zero-day (a vulnerability that is unknown to, or unaddressed) for one of the provided software! To develop a zero-day, your fundamentals should be crystal clear and you should have in-depth knowledge of exploit development. Most importantly, connecting all your dots and cracking the challenge in a given time frame makes it difficult.
- How efficient is Jigsaw Academy & HackerU’s Master Certification in Cybersecurity in preparing learners to sit for OSCE examination?
As I said earlier, I got the idea of OSCE while teaching an exploit development class for Master Certification in Cyber Security Course. Master certification will help students to understand many important concepts such as Assembly, Buffer Overflow, Web Exploitation, Python which are all fundamentals for many exams including OSCE. Master certificate training can help students to get the right direction for cybersecurity studies or career goals or to crack the practical exams. However, students will also have to give their commitments for learning, improvement to themself in order to crack exams in cybersecurity, or to get a good job! I would say, it’s both ways. If someone just attends the course but doesn’t put the effort into it, then most likely they might not see good results.
- What intrigued you in becoming a faculty in the cybersecurity domain?
I’m very passionate about cybersecurity from my college days! Right after the second day of my engineering completion, I started a job as a security analyst. Over the period, I worked on different roles as Sr Security Engineer, Security Architect, Security Team Lead! I also have good experience working with companies from different regions such as the USA, Europe, and Southeast Asia. During this time, I also won USD 250,000+ in bug bounty. I authored 2 books in the cybersecurity domain. I’m also a lead for one of the OWASP projects. I have given talks in 10+ countries on cybersecurity topics. I have cleared many offensive security certifications. However, I was able to get these achievements because of good mentors in cybersecurity and also because of different security communities. Now I feel it’s my turn to give back my knowledge and experience to the people who would want to pursue a career in cybersecurity.Before joining HackerU, I had multiple offers to work outside India. However, my experience in different domains of cybersecurity would not have got the exposure I’m getting now!
Nowadays I feel more satisfied as many students are getting good jobs in cybersecurity, many of them are able to win money from bug bounty. At the end of the day, I feel I’m able to inspire others and help them achieve their dreams in cybersecurity.
- What are the career opportunities in the cybersecurity field in India?
A few years back, people in tech used to travel outside India in search of good work, good pay! However, I can see that India is becoming the next Silicon Valley! I have also spent some time working in San Francisco and the Netherlands. It was a great experience. I would say similar work opportunities are also becoming popular in India. In the past, I’ve worked with a few startups where the work culture was of the same standard as those in San Francisco. So, India is one of the fastest-growing markets and there are opportunities waiting for you! However, most importantly, you should have the right skills to end up getting a good job!From Cybersecurity Intern to Chief Information Security Officer (CISO), Penetration Tester to Cybersecurity Researcher, I can see all kinds of cybersecurity opportunities in the market. In fact, I can foresee that there would be potential growth in upcoming days in terms of the requirements of skilled people in infosec.
- What does the Indian market lack when it comes to cybersecurity?
I would say, the Indian market is one of the fastest-growing in the cybersecurity domain. As per many reports from bug bounty companies, India definitely has one of the highest numbers of bug bounty hunters in the world. However, bug bounty does not cover the 360-degree angles of cybersecurity. While doing a job, it’s very important to have knowledge of various domains and how to solve security problems along with engineering teams. Nowadays, it’s equally important to support development teams in designing and developing secure code along with finding vulnerabilities. When it comes to jobs, I see many candidates lack basic/fundamental skills. Also, many people’s knowledge is tool-based which won’t be of much use in today’s competitive world. In today’s world, companies want you to write your own tools for security automation or as per their requirement.
If you want to have a good career in cybersecurity, you will have to constantly learn new technologies, the same as the developers.
- What career advice would you like to give to a learner who is a beginner in the cybersecurity domain?
It’s very important to have a proper vision for your career. In cybersecurity, there are several domains like Application Security, Exploit Development, Security Operations, Security Compliance, Malware Analyst, Security Architect, to name but a few. Based on your background, your experience, and your willingness to work, you need to select the right domain and right direction for your career. Otherwise, there are so many resources, certifications, and study material that will result in you getting lost among all this.!
The Jigsaw Academy family congratulate Swaroop on his big success and wish him all the best for his future endeavors.
If you are a cybersecurity enthusiast and interested in making a successful career in this domain, join the league by enrolling in our intensive Master Certification in Cyber Security (Red Team), and learn from our such industry experts who’ve mastered the skills.
To know more about the course click here.