In few fields are professionals as passionate about what they do as hackers.
And Nullcon’s experience shows that a passion for cybersecurity is not restricted to men or particular age or ethnic groups.
Because at Asia’s largest international security conference, we nurture this enthusiasm by providing an environment that is fun, social and welcoming to anyone – regardless of identity, background or experience level. Community and mentorship opportunities are also key to how we bolster the confidence of up-and-coming talents from a variety of backgrounds, especially given the global cybersecurity skills gap.
The result is an impressive diversity of attendees, speakers and participants.
Diversity of ‘nationalities, sectors, job roles’
Nullcon, whose next Goa edition takes place in September, features “speakers across different nationalities, sectors and job roles”, and “participation across government, industry, and academia –all on one platform”, according to Angelina Gokhale, assistant professor at the Symbiosis Centre for Information Technology in Pune, India.
A diversity of workshops, “tracks and topics” and “great networking opportunities through the exhibition area” make Nullcon appealing to attendees with a variety of interests, skillsets and experience levels, adds the computer science PhD.
Shreya Pohekar, a developer and application security enthusiast who delivers talks and organises Capture the Flag (CTF) competitions at Nullcon, adds: “Nullcon attracts a diverse crowd that includes CEOs, CISOs, consultants, researchers and professionals from various infosec roles”.
Riddhi Shree, senior lead engineer at wireless tech multinational Qualcomm and trainer for the upcoming Goa event, says she meets infosec enthusiasts from across India – and beyond.
Featuring numerous female speakers, Nullcon is a particular trailblazer in promoting gender diversity in a traditionally male-dominated discipline.
Nullcon also hosts Winja, a volunteer-run virtual community that champions gender diversity and holds technical talks, workshops and CTF competitions throughout the year, including at Nullcon.
Winja was initially female-only to address the underrepresentation of women in the infosec field. “Over time, the CTF expanded its scope to include both men and women, promoting diversity and inclusivity,” says Pohekar, a Winja CTF team member for the past four years.
It was Shree, a former member who led the Winja initiative for several years, who suggested opening the group to the opposite gender. “A lot of men also used to show interest in helping the community, so I said let’s do it together, because we can learn from you and together we can become better.”
More than just a CTF
The tight-knit group attracted plenty of membership requests, mostly from college graduates. Membership was contingent on solving a small hacking challenge.
Once admitted to the group, members are encouraged to fearlessly pursue their interests. “We did not restrict ourselves,” explains Shree. “We explored new things and there was room for mistakes.”
Shree says “the CTFs are more than just CTFs”. There are pre-CTF warm-up quizzes, post-CTF write-ups and online walk-throughs, and the CTF infrastructure is left running for at least a day or two after the competition.
“We always include a warm-up section in our CTF to ensure that newcomers feel included and avoid frustration,” says Pohekar. “It has been truly amazing to witness how the entire team has diversified and grown throughout these years.”
The challenges replicate “real-world situations” in order to give participants “a practical understanding of the challenges they may encounter in their professional careers”, continues Pohekar.
Pohekar says that creating and tackling web, cloud, OSINT and crypto challenges has “exposed me to various tech stacks and their practical implementation at scale”.
She says she benefits enormously from the team’s “regular sync-up calls, where we brainstorm challenge ideas and seek assistance whenever we encounter obstacles”, and that “Winja has been a source of learning leadership skills, taking ownership of commitments, and instilling a sense of responsibility in all team members.”
No wonder that Nullcon has proved such an effective bridge between education and the world of work, and between disciplines, for professionals from a variety of backgrounds.
Shree secured her first security job after meeting her future employer at Nullcon, for instance, and both Shree and Pohekar credit Nullcon with facilitating their migration into product security, from test engineer and software developer respectively. Pohekar has also witnessed job offers extended at Nullcon before positions were officially advertised.
Salesforce senior recruiting manager Jeeten Masrani, who generated 160 leads from Nullcon, was impressed by the presence of “top-in-class security experts” and the diversity of nationalities and experience levels. “A gathering of this kind is rare to find under one roof,” he says.
As well as meeting potential future employers at Nullcon, Shree suggests that graduates and young professionals benefit from effectively mentoring each other.
It was a great “chance to collaborate and learn,” she explains. “There were people who I felt knew a lot of things that I didn’t know, so I could learn from them. Then there were people who, like me, wanted a career switch, and were also feeling lost – so I could motivate them.”
Professor Angelina Gokhale says graduates should seek mentors who are knowledgeable about the subject, “encouraging and open-minded, innovative and creative when guiding students, a good storyteller (would be a plus), able to lead by example, and motivated to learn new concepts and advances in the threat landscape.”
Asked to give career development tips to graduates or young professionals, she recommends activities that are all provided by Nullcon: “Reading and writing blogs related to cybersecurity; presenting and volunteering at various national/ international security conferences; participating in local security chapters and community engagements; participating in hackathons and workshops/villages; and exploring collaboration opportunities with industry experts, mentors, and peers.”
The power of community
Nullcon and Winja clearly provide great opportunities to build both hard and soft skills. “Nullcon empowered me to showcase my expertise through public speaking, while Winja has been a treasure trove of technical knowledge, leadership development and teamwork,” says Pohekar, currently product security analyst at bug bounty platform HackerOne.
Shree, meanwhile, cites setting up CTF infrastructure with Kubernetes as a particularly invaluable experience. “We had as many as 800-1,000 participants and our infrastructure went down again and again,” she recalls.
“With Kubernetes it was as simple as killing the pod and starting a new one. There was some time lag because of that, but we could make it more robust with load balancing”, among other measures.
The community dimension is surely as pivotal to career progression as any Nullcon benefit. “Learning is one thing; when you really want to make a career switch you need social connections,” says Shree.
“When I joined this community, I felt at home. Everyone is curious. Everyone is trying to learn. Everyone is sharing. Everyone is so tolerant. Even if you make mistakes, people are giving constructive feedback through a real-world scenario, in a nice way.”
Author: Adam Bannister