Leave us your email address and we'll send you all the new jobs according to your preferences.
Vulnerability Analyst Interview
Posted 3 hours 25 minutes ago by The Interview Portal
Permanent
Not Specified
I.T. & Communications Jobs
London, United Kingdom
Job Description
Trust in digital transactions and financial technologies is crucial for the smooth functioning of modern society.
Neelam Kadbane, our next pathbreaker, Senior Vulnerability Analyst at Mastercard, identifies and addresses security vulnerabilities within Mastercard's environment & products by conducting network penetration tests.
Neelam talks to Shyam Krishnamurthy fromThe Interview Portal about the innumerable challenges and the satisfacation of her work in preventing potential breaches that could lead to financial loss, identity theft, or disruption of services.
For students, no matter what field you choose, develop your fundamentals, stay curious and keep learning, because the world is full of opportunities!
Neelam, can you explain your background to our young readers?
I'm from Pune, and I've spent my entire life here. I did my schooling and college in Pune and being a "Punekar" has had a big influence on who I am today. Growing up in a Marathi household, our culture played an important role in shaping my values and outlook on life. In my free time, I love trekking, with monsoon treks being my absolute favourite. I also enjoy reading and often pick up a book or two, though not as often as I'd like. Solo bike rides are my form of meditation-they give me the space to reflect and recharge.
When I was a kid, I was always fascinated by movies that showcased technology, whether it was about hacking, futuristic gadgets, or complex computer systems. Even though I didn't fully understand everything at the time, I was drawn to the world of technology and innovation. I guess, in hindsight, that attraction was an early indicator of where my interests would eventually lead me, even though I didn't realize it back then.
My father is now a retired government servant. Throughout his career, he was known for his unwavering dedication-he never took a day off from work. His commitment went beyond the ordinary, and even today, people still talk about his work ethic and the impact he had on those around him. His hard work anddedication have always been a source of inspiration for our family, motivating us to keep pushing forward no matter the challenges.
My mother, on the other hand, started her business at a very young age. While most teenage girls were busy choosing fancy dresses for parties, she was already a proud business owner. Even now, she hasn't stopped. Her passion for her work and her profession is truly remarkable. The way she continues to learn new things, even at this age, is inspiring to everyone around her.
They always taught me that whatever you do, give it your best effort. They also emphasized that it doesn't matter what you do as long as it makes you happy.These lessons have guided me throughout my career and personal life.
What did you do for graduation /post graduation?
I completed my bachelor's degreein Computer Engineering from PuneUniversity.
What made you choose such an offbeat, unconventional and cool career in Cybersecurity?
My journey into IT and Cybersecurity has been shaped by a mix of curiosity, inspiration, and pivotal experiences. Growing up, I was always fascinated by technology. I remember being the one in the family who would eagerly explore how gadgets worked. This curiosity naturally led me to pursue a degree in computer engineering.
During my college years, I was fortunate to haveprofessors who not only taught me technical skills butalso encouraged me to think critically and pushboundaries. Their influence sparked a deeper interest intechnology, particularly in the area of security. I vividlyrecall working on a project that involved securing anetwork. That hands-on experience was a turning point, it made me realize how much I enjoyed the challenge of solving complex problems related to cybersecurity.
The decision to pursue a PG diploma in IT Infrastructure and System Security at CDAC ACTS Pune was another significant moment in my journey. I wanted to specialize in an area that I found both challenging and rewarding. This program was intense, but it equipped me with the skills and confidence I needed to carve out a career in cybersecurity. Looking back, it wasn't just one thing but a series of influences, and experiences that guided me towards this path. And I'm grateful for each one of them.
Tell us about your career path
After graduating with a degree in computer engineering, I found myself at a crossroads. The field of computer engineering isincredibly vast, and every part of itfascinated me. But I wasn't sure whichdirection to take. To clear my head andfigure out what I really wanted to do, I took a job in a non-technical role at an MNC. That was my first job, and I stayed there foralmost a year. Working in that environment gave me valuable insights into the corporate world and helped me understand the kind of work I wanted to pursue.
While working there, I started preparing for the CDAC entrance exam. Once I cleared it, I left my job to focus entirely on my PG diploma. The course was intense and challenging, but it was also incredibly rewarding. My professors and batchmates played a huge role in shaping my knowledge and skills, and by the end of the course, I was certain that I wanted to build my career in information security.
My determination paid off when I landed my first technical job as a Security Engineer at Qualys, an Enterprise Cyber Risk & Security Platform . It was a significant achievement for me, especially since it's rare for companies to hire freshers directly into the InfoSec domain. At Qualys, I worked with the Vulnerability Management team, where we researched new CVEs and zero-day vulnerabilities, and developed signatures for vulnerability scanners.
A zero-day vulnerability is a security flaw in software or hardware that is unknown to the vendor or developer. Since the vendor is unaware of the vulnerability, no patch or fix is available, making it highly dangerous. The term "zero-day" comes from the fact that once the vulnerability is discovered by malicious actors, the vendor has zero days to fix it before it can be exploited. e.g. suppose Chrome released a new version but it has a small flaw that allows a hacker to bypass security checks and access users' data. If hackers discover and exploit this flaw before the Chrome's developers are aware of it, this is a zero-day vulnerability.
A vulnerability scanner is a tool used to identify knownsecurity weaknesses in systems, networks, or applications. These tools scan the target environment,looking for vulnerabilities like misconfigurations, missingpatches or outdated software. They compare thefindings against a database of known vulnerabilities togenerate a report with the details.e.g. mostly every organization runs a vulnerabilityscanner on its network, which identifies known security flaws. The scanner reports these issues so the IT team can prioritize and fix them to secure the network. Thereare tools like Nessus, Qualys, OpenVAS, Nexpose, Astra etc.
CVE stands for Common Vulnerabilities and Exposures and is a standardized identifier for known security vulnerabilities. Each CVE entry includes a uniqueidentifier (e.g., CVE-2024-XXXX), a brief description of the vulnerability, and references to further information. CVE helps security professionals share and discussvulnerabilities consistently.
How They Relate:
• A zero-day vulnerability would not have a CVE initially because it is unknown.
• Once a zero-day is discovered and documented, it may be assigned a CVE.
• Vulnerability scanners use CVE databases to identify known vulnerabilities in systems, but they might not detect a zero-day vulnerability until it's publicly disclosed and assigned a CVE.
This combination of concepts is key in managing andmitigating security risks in any environment.
This experience piqued my interest in penetrationtesting, leading me to my current role as a Pen Tester at Mastercard.
My career path wasn't linear, but each step taught me something valuable and brought me closer to where I am today.
How did you get your first break?
My first big break came while I was pursuing my PG diploma at CDAC. The institute has a placementprogram where companies shortlist candidates basedon their merit. When I was selected for an interview, I knew it was going to be a tough day. The interviewprocess was intense. Since companies were hiringfreshers without any prior experience, they needed tomake sure we were the right fit through a series of technical and scenario-based questions.
The day of the interview was a rollercoaster of emotions. I had to go through three rounds of technical interviews followed by a HR round, all in one day. Each round wasmore challenging than the last. I was scared, nervous and anxious, constantly wondering what questions I would face and how the interviewers would be. The waiting was nerve-wracking, but when my turn finally came, I gave it everything I had.
When I finally walked out of that last interview, I felt a mixture of relief and disbelief. It was hard to tell if I wasdreaming or if this was real. But when I got the news that I had been selected, I was overjoyed. It was one of the happiest moments of my life, and I knew that all the hard work and preparation had paid off.
What were some of the challenges you faced? How did you address them?
One of the most significant challenges I faced was when I decided to pursue my PG diploma. At that time, my family was going through a financial crisis, and we didn't have the money for the course fees. I was working at an MNC, but the salary was too low to secure a loan . click apply for full job details
Neelam Kadbane, our next pathbreaker, Senior Vulnerability Analyst at Mastercard, identifies and addresses security vulnerabilities within Mastercard's environment & products by conducting network penetration tests.
Neelam talks to Shyam Krishnamurthy fromThe Interview Portal about the innumerable challenges and the satisfacation of her work in preventing potential breaches that could lead to financial loss, identity theft, or disruption of services.
For students, no matter what field you choose, develop your fundamentals, stay curious and keep learning, because the world is full of opportunities!
Neelam, can you explain your background to our young readers?
I'm from Pune, and I've spent my entire life here. I did my schooling and college in Pune and being a "Punekar" has had a big influence on who I am today. Growing up in a Marathi household, our culture played an important role in shaping my values and outlook on life. In my free time, I love trekking, with monsoon treks being my absolute favourite. I also enjoy reading and often pick up a book or two, though not as often as I'd like. Solo bike rides are my form of meditation-they give me the space to reflect and recharge.
When I was a kid, I was always fascinated by movies that showcased technology, whether it was about hacking, futuristic gadgets, or complex computer systems. Even though I didn't fully understand everything at the time, I was drawn to the world of technology and innovation. I guess, in hindsight, that attraction was an early indicator of where my interests would eventually lead me, even though I didn't realize it back then.
My father is now a retired government servant. Throughout his career, he was known for his unwavering dedication-he never took a day off from work. His commitment went beyond the ordinary, and even today, people still talk about his work ethic and the impact he had on those around him. His hard work anddedication have always been a source of inspiration for our family, motivating us to keep pushing forward no matter the challenges.
My mother, on the other hand, started her business at a very young age. While most teenage girls were busy choosing fancy dresses for parties, she was already a proud business owner. Even now, she hasn't stopped. Her passion for her work and her profession is truly remarkable. The way she continues to learn new things, even at this age, is inspiring to everyone around her.
They always taught me that whatever you do, give it your best effort. They also emphasized that it doesn't matter what you do as long as it makes you happy.These lessons have guided me throughout my career and personal life.
What did you do for graduation /post graduation?
I completed my bachelor's degreein Computer Engineering from PuneUniversity.
What made you choose such an offbeat, unconventional and cool career in Cybersecurity?
My journey into IT and Cybersecurity has been shaped by a mix of curiosity, inspiration, and pivotal experiences. Growing up, I was always fascinated by technology. I remember being the one in the family who would eagerly explore how gadgets worked. This curiosity naturally led me to pursue a degree in computer engineering.
During my college years, I was fortunate to haveprofessors who not only taught me technical skills butalso encouraged me to think critically and pushboundaries. Their influence sparked a deeper interest intechnology, particularly in the area of security. I vividlyrecall working on a project that involved securing anetwork. That hands-on experience was a turning point, it made me realize how much I enjoyed the challenge of solving complex problems related to cybersecurity.
The decision to pursue a PG diploma in IT Infrastructure and System Security at CDAC ACTS Pune was another significant moment in my journey. I wanted to specialize in an area that I found both challenging and rewarding. This program was intense, but it equipped me with the skills and confidence I needed to carve out a career in cybersecurity. Looking back, it wasn't just one thing but a series of influences, and experiences that guided me towards this path. And I'm grateful for each one of them.
Tell us about your career path
After graduating with a degree in computer engineering, I found myself at a crossroads. The field of computer engineering isincredibly vast, and every part of itfascinated me. But I wasn't sure whichdirection to take. To clear my head andfigure out what I really wanted to do, I took a job in a non-technical role at an MNC. That was my first job, and I stayed there foralmost a year. Working in that environment gave me valuable insights into the corporate world and helped me understand the kind of work I wanted to pursue.
While working there, I started preparing for the CDAC entrance exam. Once I cleared it, I left my job to focus entirely on my PG diploma. The course was intense and challenging, but it was also incredibly rewarding. My professors and batchmates played a huge role in shaping my knowledge and skills, and by the end of the course, I was certain that I wanted to build my career in information security.
My determination paid off when I landed my first technical job as a Security Engineer at Qualys, an Enterprise Cyber Risk & Security Platform . It was a significant achievement for me, especially since it's rare for companies to hire freshers directly into the InfoSec domain. At Qualys, I worked with the Vulnerability Management team, where we researched new CVEs and zero-day vulnerabilities, and developed signatures for vulnerability scanners.
A zero-day vulnerability is a security flaw in software or hardware that is unknown to the vendor or developer. Since the vendor is unaware of the vulnerability, no patch or fix is available, making it highly dangerous. The term "zero-day" comes from the fact that once the vulnerability is discovered by malicious actors, the vendor has zero days to fix it before it can be exploited. e.g. suppose Chrome released a new version but it has a small flaw that allows a hacker to bypass security checks and access users' data. If hackers discover and exploit this flaw before the Chrome's developers are aware of it, this is a zero-day vulnerability.
A vulnerability scanner is a tool used to identify knownsecurity weaknesses in systems, networks, or applications. These tools scan the target environment,looking for vulnerabilities like misconfigurations, missingpatches or outdated software. They compare thefindings against a database of known vulnerabilities togenerate a report with the details.e.g. mostly every organization runs a vulnerabilityscanner on its network, which identifies known security flaws. The scanner reports these issues so the IT team can prioritize and fix them to secure the network. Thereare tools like Nessus, Qualys, OpenVAS, Nexpose, Astra etc.
CVE stands for Common Vulnerabilities and Exposures and is a standardized identifier for known security vulnerabilities. Each CVE entry includes a uniqueidentifier (e.g., CVE-2024-XXXX), a brief description of the vulnerability, and references to further information. CVE helps security professionals share and discussvulnerabilities consistently.
How They Relate:
• A zero-day vulnerability would not have a CVE initially because it is unknown.
• Once a zero-day is discovered and documented, it may be assigned a CVE.
• Vulnerability scanners use CVE databases to identify known vulnerabilities in systems, but they might not detect a zero-day vulnerability until it's publicly disclosed and assigned a CVE.
This combination of concepts is key in managing andmitigating security risks in any environment.
This experience piqued my interest in penetrationtesting, leading me to my current role as a Pen Tester at Mastercard.
My career path wasn't linear, but each step taught me something valuable and brought me closer to where I am today.
How did you get your first break?
My first big break came while I was pursuing my PG diploma at CDAC. The institute has a placementprogram where companies shortlist candidates basedon their merit. When I was selected for an interview, I knew it was going to be a tough day. The interviewprocess was intense. Since companies were hiringfreshers without any prior experience, they needed tomake sure we were the right fit through a series of technical and scenario-based questions.
The day of the interview was a rollercoaster of emotions. I had to go through three rounds of technical interviews followed by a HR round, all in one day. Each round wasmore challenging than the last. I was scared, nervous and anxious, constantly wondering what questions I would face and how the interviewers would be. The waiting was nerve-wracking, but when my turn finally came, I gave it everything I had.
When I finally walked out of that last interview, I felt a mixture of relief and disbelief. It was hard to tell if I wasdreaming or if this was real. But when I got the news that I had been selected, I was overjoyed. It was one of the happiest moments of my life, and I knew that all the hard work and preparation had paid off.
What were some of the challenges you faced? How did you address them?
One of the most significant challenges I faced was when I decided to pursue my PG diploma. At that time, my family was going through a financial crisis, and we didn't have the money for the course fees. I was working at an MNC, but the salary was too low to secure a loan . click apply for full job details
The Interview Portal
Related Jobs
Senior Software Engineer - National Security
- Gloucestershire, Bristol, United Kingdom, BS153
Family Services Manager - Plymouth
- Devon, Plymouth, United Kingdom, PL1 1
Software Engineer
- Hampshire, Farnborough, United Kingdom, GU140
Lead Cable Percussion Driller Geotechnical Drilling Leeds
- Yorkshire, Leeds, United Kingdom, LS1 8
Principal Software Engineer -C#/.Net,React
- London, United Kingdom