From IT to Cybersecurity: Suman Roy's Journey

Hi Suman! Please introduce yourself and share your background.

Hi everyone! I am Suman Roy, a Security Researcher at LoginSoft from India. Before getting into cybersecurity, I spent four years in IT, working mostly as a back-office executive and technical support, providing services for clients in the United States of America, New Zealand, and Australia.

I love doing Capture The Flag (CTF) competitions and hacking scammers. I also did some bug hunting for the Indian Government, finding some Remote Code Execution (RCE) and SQL Injection vulnerabilities. I'm a big-time fan of horror movies and long rides, and love to share motivational reels 🙂. I also have a unique interest in geopolitics and national security.

Can you share the moment or experience that sparked your interest in cybersecurity?

To be honest, cybersecurity wasn't my first choice. After 10th grade, I wanted to pursue science in 11th and 12th grades so I could join the Indian Air Force.

Unfortunately, I wasn't strong enough in math 😛, though I was good at all other subjects.

I never got into the science track, so I chose the Arts track, majoring in English, Geography, and more. I was a bit of a geek back then, and I had the option to take computer science as a subject in the Arts stream under certain conditions. I enrolled in it, and one day after returning from school, I watched Die Hard 4. The scenes involving signal intelligence and satellite hacking really inspired me.

Here are some videos about satellite hacking:

And for signal intelligence:

I realized that while I couldn't serve in the armed forces, I could definitely develop skills that would help my country in other ways.

However, I didn't have many resources from 2013 to 2019, so I learned mostly from YouTube until I discovered TryHackMe and Hack The Box. That’s when my real journey began.

You are an avid TryHackMe user who has completed over 230 rooms! How has the TryHackMe platform helped you develop your cybersecurity skills?

Yes, I have completed more than 230 rooms! For readers, I'd like to mention that a subscription is not necessary. There are plenty of free rooms available for training purposes. I wasn't a premium user for a solid year.

I used the free rooms, and if I got stuck, I used the notes and references from other users. You cannot learn everything on your own, so it's important to ask for help when needed. Have a student-like mentality and be humble. “If I don’t know, I don’t know, and I will ask for help”.

As I went through the notes, I became more comfortable with Linux shell scripting because I was trying to automate tasks, sometimes using Python. I also made notes on what to use, when, and why, depending on the situation. I created my own checklist and tried different known methods before jumping to walkthrough articles.

Automating exploits helped me become a better developer as well. My team and I have automated TryHackMe Advent of Cyber 2023 challenges. Find them on my GitHub.

I do have a Hack The Box account, but I'm not very active on it. My last rank was “Hacker”. You can find my profile here: HackTheBox

The reason I use TryHackMe more than Hack The Box is simple: Hack The Box is much tougher and wasn't suitable for me in the early stages. I found it exhausting with very little help and few articles at that time. TryHackMe is more user-friendly for beginners, while Hack The Box is better for sharpening existing skills once you have some experience.

You can navigate through the rooms easily in THM and not get frustrated about it, while in HTB it's like banging your head against the wall.

Who are your role models in the security community?

John Hammond, David Bombal, Occupy the Web, and Ryan Montgomery. These four have been incredibly inspiring, and I've learned a lot from them throughout my journey. Additionally, the TryHackMe Discord community has been very helpful and collaborative. I haven't met them in person, but I’d love to someday.

What advice would you give to a student interested in becoming a Security Engineer?

If you’re just starting out, try using TryHackMe. Begin with the introductory and easy rooms, and then level up as you learn more. Use YouTube and other resources, like ChatGPT, to understand and clarify concepts.

You don't need a degree to get into cybersecurity or software development. There are many opportunities for those with the right skills, and I'm a prime example of that. I never wanted a degree and left university to get into tech support, which helped me develop a problem-solving mindset. I believe practical experience is more valuable than classroom theory. However, I left university mainly due to financial reasons, so if you have support, pursue a degree, but also seek practical experiences.

Taking notes early on will definitely help you a lot. Cybersecurity has a steep learning curve, and you won’t see quick results at first. Make Google and ChatGPT your best friends. There's also another AI model called PentestGPT.ai which could be useful.

Please remember that, unlike in CTFs, you should not expect to gain root access on public servers. Vulnerabilities can range from simple information disclosure to remote code execution. Some targets may only be vulnerable to XSS, so don't get discouraged; every target is different.

Don't hack unauthorized targets; instead, hack scammers or hunt down bad actors and report them 🙂

Remember, it's a journey, not a race. You are your own competition and no one else. If you ever feel unmotivated during tough times, remind yourself why you started and believe that God gives the toughest battles to His strongest soldiers.

What are your career goals for the future?

I would love to hack into Microsoft and become CEO for a day at least 😛

My goal is to become 1% better every day. I also aspire to start my own cybersecurity firm.

Not really, unless watching and sharing motivational reels count as a hobby.

I'm very interested in geopolitics.

I enjoy horror movies like The Nun, The Conjuring series, and Insidious. I also love listening to paranormal research and stories – some podcasts provide real-life insights into these other dimensions.

I enjoy long rides on my scooter and going to the gym to stay fit. As you can see, I have many different interests 🙂.

Before getting into cyber, I was training myself on web development and UI/UX.

My gym music playlist

I exist in other places on the Internet 🙂. Here are my usernames: sumanrox, suman.roy, sumanroy.official. Feel free to hunt.