Part 2: The Turning Point – My Journey to InfoSec
I enrolled in the module, “Software and System Security,” which gave me hands-on experience in other areas of Security, such as system and network security. I credit a lot of my exposure and development to this module even though I enrolled in every Security related module the University had.
In part one, I stated that I started University and enrolled in the Computing Degree program with my eyes on becoming a Computer Science major. Well, Spoiler Alert! I didn’t achieve this, and here’s why. When I started University, I already had a strong background in programming, so a Computer Science major seemed like a no brainer. While this was true at the time, there was something I did not take into consideration when I made this decision. It was the fact that I was horrible at complex mathematics.
Complex mathematics was a core part of the Computer Science degree program, and I was failing and failing badly. I kept trying and trying with the math courses, but the results were almost always the same, Fail. When I saw that I was near academic probation, I decided to switch from Computer Science to Information Technology, which had a lot more courses focused on programming. Shortly after I made the switch, my grades began to improve.
I then enrolled in the module, “Software and System Security,” which gave me hands-on experience in other areas of Security, such as system and network security. I credit a lot of my exposure and development to this module even though I enrolled in every Security related module the University had to offer. Some of which were not a part of the original scope of my major.
Enrolling in Software and System Security was the start of the turning point when I decided that I wanted to pursue a career in Security. While enrolled in this course, I realized that I understood the concepts, techniques, and methodologies faster than most of the other students in my class.
Acing the module, however, was not the actual turning point because, at that time, I still had very high hopes of becoming a professional software developer. The module Software and System Security had a research project as the final assessment in which students had to form small research groups. Each group chose from a list of security research topics with the expectation of presenting a research paper and proof of concept where applicable. I started a team of three students and chose what was arguably the hardest research topic, “WhatsApp Web.”
Our research goal was to figure out how we could replay WhatsApp login tokens to log into the victim’s WhatsApp account without scanning the Quick Response (QR) code. We accomplished our objectives by cloning the WhatsApp Web site and intercepting the traffic between the victim’s WhatsApp mobile application and WhatsApp servers. We were then able to replay critical parts of the traffic on the official WhatsApp Web site to gain access to the victim’s WhatsApp account. Don’t worry; Facebook patched the issue. Our research and presentation, which was a live DEMO of the “hack,” won my team and me, best security research. This award was decided by a panel of judges who were representatives from the public and private sector of Jamaica.
After all that, I still wanted to become a professional software developer. The lecturer who taught the Software and System Security module saw the potential and drive my team had and signed us up to participate remotely in a reverse engineering competition. The competition was put on by North Carolina University, Chapel Hill. It was brutal, as reverse engineering was still new to all of us. However, we placed among the top ten teams, and I, as team lead, was privileged to visit the North Carolina University, Chapel Hill.
During my visit to North Carolina University, I completed the new, challenge-based, active learning exercises under development for undergraduate students who enrolled in the advanced Security Module. These exercises were intense as they required an understanding of low-level programming and software exploitation. Nevertheless, I was able to complete each challenge, gaining loads of new information and ideas about low-level software exploitation.
I also presented the WhatsApp research to faculty members of the Computing department. One of those faculty members included the professor who heads security research for the University. He was the one who introduced me to the idea of Security as a profession after seeing the WhatsApp research presentation and hearing my dream of becoming a professional software developer. I did not know career paths existed in Security, and the professor opened my eyes to the possibilities, encouraging me to investigate the field and decide. The actual turning point in my life was at this exact moment.
Now empowered and inspired by the words of that professor, I returned to Jamaica with a new goal, researching how I could pursue a career in Security. In part three, find out how I did my research about the security field and discovered certifications. Leave your comments below, highlighting what the turning point in your career was.