Cyber Was
Always First
Cybersecurity preceded any career consideration. From class 10, I was running Kali Linux, working through tools I did not yet fully understand, and figuring out the mechanics as I went. Early work was squarely in script-kiddie territory: borrowed commands, passive reconnaissance, DoS experiments because they were accessible, the Social Engineering Toolkit because it was genuinely interesting. Not sophisticated — but sustained. That distinction matters more at the start than people admit.
When degree selection came up, there was no deliberation. Cybersecurity was already the subject. Poornima University, Jaipur. The coursework provided a serviceable framework; real depth, as expected, required construction outside it. The formal structure confirmed one thing early: everyone on the same track produces the same outcomes. Edge has to be built deliberately.
2023 was when self-teaching became structured. TryHackMe rooms covering Linux internals, web exploitation, network security, and privilege escalation — worked through methodically, not casually. CTF competitions ran in parallel, which enforced a different cognitive discipline: reasoning through constrained problems rather than executing familiar tool sequences. HackTheBox and PortSwigger's Web Security Academy pushed understanding to the mechanism level — how vulnerabilities are constituted, not merely how to trigger them.
My first competitive build event, in Udaipur. The pace and intensity of working under a hard deadline with real stakes produced a different quality of learning. One conclusion was immediate: this environment accelerates growth in ways that labs alone cannot replicate.
Sustained work on TryHackMe compounded by May 2024 into a top 1% global ranking — the product of consistent, methodical progression through offensive and defensive security challenges rather than volume alone. Concurrently, a friend requested a penetration test for his company. Conducted entirely with free, open-source tools. Delivered a structured professional report. The company's senior engineers reviewed it and acknowledged the quality. That the work was indistinguishable from a constrained commercial engagement, using no paid tooling, was a useful proof of concept.
A two-day blockchain-focused event in Jaipur. Learning the rhythm of competitive builds — where time allocation decisions separate teams that ship from teams that don't.
Selected through Devfolio by building on the DIAM blockchain. Five days residential in Goa. Late-night debugging sessions, genuine technical collaboration, and working relationships formed under shared pressure. The value was not the event itself but the quality of the people in the room — security builders who thought out loud, challenged assumptions, and operated without pretence. That kind of environment provides an education that no platform or course can replicate.
A Solidity lending platform with security logic embedded at the contract level. Top 10 from 150+ teams. $400 bounty. The sponsor company indicated intent to incorporate the logic into their production platform — which is the kind of validation that carries more weight than the prize figure.
36-hour event on the Agoric blockchain. Cross-chain lending with automatic conversion via orchestration and minimised gas fees. $350 bounty. Two consecutive wins at separate events removed any question of coincidence from the equation.
Three-day residential at a university campus. A concentrated gathering of builders and researchers, with substantive conversations about tools, threat models, and emerging techniques. Industry mentors present throughout. More community than competition — and better for it.
Qualified through structured logical reasoning. Competed at IIT Madras as a finalist. What stayed with me from that campus was not the competition but something harder to quantify: the ambient standard of the place. Everyone there read broadly — not only technical literature, but across disciplines. That habit of wide reading, sustained alongside deep specialism, produced a different quality of thinking. Worth noting. Worth adopting.
HackTheBox and PortSwigger had built a thorough working knowledge of offensive technique. February 2025 was the deliberate redeployment of that knowledge on the defensive side: SOC operations, Microsoft Sentinel, KQL, SOAR automation, UEBA, cloud security monitoring. The transition was not a departure from offensive security — it was an application of it. Understanding adversarial methodology at a granular level makes detection engineering materially sharper. That principle underpins everything built since.
SOC operations, incident playbook development, KQL detection rule authoring, Azure Sentinel and AWS GuardDuty, live ticket triage, night-shift rotations. Built Project Horizon and Project Citadel independently. A full-time offer was extended and declined — not due to the role, but a contractual clause that made acceptance impractical. The offer itself was the relevant data point.
Joined Quantix IT Ltd — an early-stage startup — as a remote SOC L1 Analyst. Alert triage and continuous monitoring via Sumo Logic SIEM; incident lifecycle managed through Zendesk ticketing and reporting. Implemented SOAR-based workflow automation for enrichment, correlation, and escalation, reducing manual analyst overhead. Contributed to production-grade client security projects covering detection coverage expansion, runbook documentation, and operational tooling improvements. A compact, high-ownership environment where every contribution was visible.
Eight semesters at Poornima University, Jaipur. CGPA 7.20. Four years of formal coursework alongside competitive events, independent builds, penetration testing, and fifteen months of hands-on SOC work across two organisations. The degree was a container. The education was built everywhere else.