Hi Friends, Today, I want to share my journey so far.
One of the most common questions I’ve received in interviews over the years is: “Why or how did you transition to cybersecurity from a commerce background?”
Not just in interviews, whenever I meet someone from the infosec community or introduce myself at meetups or conferences, this question often comes up. So, I thought it’s time I write a blog about my journey, how I moved from being an articled assistant to entering the world of cybersecurity.
🌱 Where It All Began
This story goes way back to my school days, during the vacation after my 4th standard. My parents enrolled my brothers in a computer class at Don Bosco College, which was near our home. After their first day, they came back and excitedly said they played some games and did other things I didn’t really understand at the time. I got upset and started crying, telling my parents I also wanted to join them in the computer class.
Thankfully, my parents agreed and enrolled me too. I was the youngest student in the class. I still remember Jose Sir who warmly welcomed me. I sat in front of a desktop computer, completely clueless. Jose Sir came over and introduced me to the basics, he showed me what a monitor, CPU, keyboard, and mouse were. Over the next few days, he patiently taught me the basics of computers, and I started enjoying it.
During those two months, I learned the fundamentals of computers and even got to see what was inside a CPU. It was a fascinating experience. Later, when I joined 5th standard, we had a computer lab in our school, and I got to explore even more. But the real foundation, and the curiosity and excitement was built by Jose Sir.
📚 The Commerce Route (and a Spark of Rebellion)
After completing my 10th grade (SSLC), my parents wanted me to become a Chartered Accountant. So, they encouraged me to take Commerce, and I completed my Plus Two in Commerce. After that they wanted me to pursue a B.Com degree, so I joined Kristu Jayanti College in Bangalore.
At that time, I didn’t have a laptop of my own so I started using my brother’s old laptop and began exploring new things. I started with basic editing and designing, and slowly I moved on to other areas. Around the same time, I also got my first Android phone. That opened a new world for me I learned about rooting, installing custom ROMs, and tweaking phones in general.
I wasn’t the kind of student who went to college every day. I often took leave or bunked classes just to sit in my room with my laptop and learn something new. Then one day, I came across a news article about some hackers defacing an Indian government website. That sparked my curiosity – how did they do that? I started Googling “how to hack a website” and slowly began learning the basics. I didn’t know much, but I was fascinated. Unfortunately, my laptop eventually stopped working, and I had to pause everything.
💼 Becoming an Articled Assistant
After graduation, I received some job offers, but my parents still wanted me to pursue the Chartered Accountancy course and become a CA. So, I joined a CA firm called Iyer and Nair Chartered Accountants in Trivandrum and started working there as an articled assistant.
Even though CA wasn’t really my cup of tea, I worked hard and learned a lot about Income Tax, Service Tax, VAT, GST, and more. My official working hours were from 9:00 AM to 5:00 PM, but during the busy season, I often had to stretch beyond that.
After some time, I began to feel bored because I knew this wasn’t my real interest. Around then, I bought a new laptop and started learning again. I also made a few new friends – Rahul, Nizam, Nandxa, Sarxin, and others – who were all genuinely interested in cybersecurity 😄. We started learning together and sharing knowledge.
When I first began my journey into cybersecurity, the very first question I typed into Google, somewhat naively was, “How to hack Google?” 😅 I had no idea where to start, but that question opened a rabbit hole of curiosity and learning. Eventually, I stumbled upon some resources that introduced me to web application hacking. Eager to try out what I was learning, I started testing those techniques, unwisely on real websites.
At the time, I didn’t fully understand the ethical boundaries, and even though I never intended to cause harm, I later realized that testing on live sites without permission is not just bad practice, it’s wrong. That was one of my earliest lessons: curiosity is powerful, but it must be guided by responsibility.
🔓 Entering the World of CTFs and Bug Bounties
One day, I met Rahul at the Mall of Travancore. At that time, he was working as an intern at UST Global. He introduced me to Hack The Box and showed me how he solved the Jerry box. That was my first exposure to CTFs. Soon after, Nizam and I started doing CTFs together.
A few days later, Rahul told me he had started bug bounty hunting. He showed me a proof of concept for a vulnerability he found in Sony and explained the whole process to me. I was hooked. I also started bug bounty hunting and learning about new vulnerabilities and techniques.
Around the same time, I also got an opportunity to join the Kerala Police Cyberdome as a volunteer. It was a proud moment for me and a significant milestone in my journey. Being part of Cyberdome got a chance to contribute to something meaningful beyond just learning on my own.
🌙 The Dual Life: Day Job and Midnight Hunts
While working as an articled assistant, my daily routine looked like this: I’d wake up around 8:15 or 8:30 AM, freshen up, and reach the office by 9:00 – 9:15. During lunch breaks, while others were relaxing, I used that time to do bug bounty hunting. After office hours, once I got back to my room, I’d spend some time with friends and we’d cook food together. After dinner, while everyone else went to bed, I’d sit with my laptop and learn or hunt bugs until 4:30 or 5:30 in the morning.
I followed this routine every day. I found some bugs, but most of them turned out to be duplicates, but I did get a few Hall of Fame mentions and some swag too. Then, after 8 months, I got my first bounty of $250 for a Stored Cross-Site Scripting (XSS) vulnerability. That was a game-changing moment for me. It gave me the motivation to continue, and soon I started earning more bounties. I even got listed in Google’s Hall of Fame!
💬 Building a Community
Meanwhile, Rishi, Eldho, Nesooh, Ananda Krishnan, and me created a small WhatsApp group called YetAnotherSec to share knowledge, news, resources, and more. Eventually, we added many more people to the group as the community grew.
🎓 The Master’s Degree Detour
Eventually, I convinced my parents that CA wasn’t the right path for me and I wanted to work in cybersecurity. They finally agreed, but on one condition: I had to pursue a master’s degree. So I started looking for master’s programs in cybersecurity and ended up enrolling at Jain University in Bangalore. Honestly, that turned out to be a poor decision. 😞
I joined the Master of Computer Applications (MCA) program with a specialization in Information Security, but to be frank, it wasn’t worth the money. Even though I had taken admission, I didn’t attend college regularly. Instead, I stayed in my room, focused on bug bounty hunting, played CTFs, and did some freelance pentesting work. Whenever there were conferences or meetups, I made sure to participate.
During this time, the Red Team Summit was held in Calicut. My friend Hari Prasad and me attended the event, where there was a CTF competition. So, Hari, Rahul, and I teamed up and that was our first live/on-site CTF, and we won second place! The following year, I won first prize in the same event. 😄
After that, I focused more seriously on bug bounty hunting and discovered some cool bugs, including a SQL injection in Yahoo for which I received a $10,000 bounty. I went on to report valid vulnerabilities to major companies like Google, Microsoft, Oracle, AT&T, Kaspersky, and others.
🚀 My Breakthrough: UST Global
In 2019, while attending c0c0n with my friends, I got a chance to meet Shine, a friend who worked at UST Global. He introduced me to his manager, Vishnu R Nair, and I asked if there was a possibility of getting an internship at UST in my final year. He told me they’d consider it if there was an open position.
After the event, I sent him a friend request on Facebook and a connection request on LinkedIn, mainly to stay in touch and showcase my achievements.
My 4th-semester MCA classes began in the last week of December 2019. Around that time, one of my lecturers informed me that we could pursue internships during that semester. I saw this as an opportunity and shared my resume with Mohammed Shine and Vishnu Prasad, who then forwarded it to Vishnu R Nair, their manager, and Adarsh Nair, the director. Both of them gave me the green signal, and I received the internship offer at UST Global without even an interview!
I submitted my resume on a Friday, and by the following Tuesday, they asked if I could join on Thursday. At that time, I was attending a Digital Forensics workshop, so I requested to start the following Monday – January 27, 2020. The HR team agreed, and I officially began a 3-month internship at UST Global. After returning to college, I got the necessary approvals and joined UST as an intern.
That moment turned out to be life-changing.
When I joined UST Global as an intern, I already knew many of the folks there since most of them were well-known in cybersecurity communities and the bug bounty space. This made it easy for me to blend into the team. On just my third working day, I was assigned to shadow a colleague on a project and to my surprise, I found a vulnerability in that project! That experience gave me a huge boost in confidence.
My teammates were incredibly supportive and helped me sharpen my skills while teaching me how to work in a corporate environment.
By the time my internship was about to end, COVID-19 had begun spreading, and everything shifted to remote work. My manager and director told me they wanted to hire me as a full-time employee, but due to a hiring freeze, they decided to extend my internship for another 3 months before onboarding me officially. I was more than happy to accept it – even though the internship was unpaid, the experience and opportunity were invaluable. I continued doing bug bounty work on the side, and since my college classes were now held online, I was able to manage both.
True to their word, within three months, they converted my position into a full-time role. I was onboarded as a Security Engineer (A2 Band) at UST Global.
And that’s how my professional journey in cybersecurity truly began.
💡 Final Thoughts
From bunking college lectures to bug bounty nights, from CA audits to live CTFs – this journey has been anything but conventional. But if there’s one thing I’ve learned, it’s this:
Curiosity, consistency, and community can take you further than you ever imagined.
If you’re someone from a non-tech background thinking of jumping into cybersecurity – you absolutely can. The path won’t be easy, but it’s possible, and incredibly rewarding.
📬 Let’s Connect!
I’d love to hear your story too or answer any questions you have. Reach out to me on LinkedIn, Twitter, or drop a comment below!
