My journey to Synack Red Team

As I've just accomplished one of my all-time goals, becoming a Synack Red Team member, I'm going to narrate my journey into this world, as it was a hell of a ride.

SRT Joining Process

As I stated in my previous article, after finishing the SRT track on Hack The Box I got a fast track to bypass the waiting list. I was almost 100% sure they wouldn't take into consideration my application because I didn't have a bright CV or experience in Bug Bounties, but nevertheless, I decided to apply.

After three months, much to my disbelief, I got an email informing me that I had been selected to proceed with the technical assessment which consisted of several web, host, and mobile challenges. I was given a week to try and complete them. I ended up getting an 87% score with only having the mobile challenge incomplete, as I don't have experience with it.

The next step in the process was a one-way interview (I didn't even know it existed). You get some questions video recorded for you, and then you have to record yourself answering that questions. Depending on the complexity of the question more time is given to answer it but not much more, tho.

Following up, if you seem friendly enough and don't give any shady answers to the questions, they'll proceed with the background check, where some third-party organizations investigate your background to check if you're suitable for the SRT membership.

If everything goes fine you'll get to the last step of the onboarding process in which you have to read different manuals and tutorials on how everything works on the website. Finally, you need to get a passing grade on an exam about everything you learned.

One week after submitting my exam and finishing the onboarding process, I got the so desired email.

As you would imagine, after reading the title of the email, the endorphins started to rush through my body. I didn't think I would be able to join Synack so early in my career, but here I am.

With this opportunity, I'll surely do a heck of new stuff, and luckily I will be able to help companies secure their assets and make the Internet a safer place.

My first steps in infosec

All of this started with a friend of mine getting two books about cybersecurity as a gift. It sparked my interest in the field and wanted to know more. After doing some research I ended up on HackTheBox, turned out it was the best website to learn according the reviews. Unknowingly, I headed to the webpage and to my surprise I had to hack my way in. "How the hell was I supposed to learn about hacking, if I had to hack my way in to learn !?!"

I ended up watching video tutorials on how to do it. It was that moment I knew I had to change my mindset. I had to put great effort in learning and researching, hours and hours of courses and walkthroughs (TCM Courses and Ippsec videos mostly).

Later some guys around there recommended me TryHackMe webpage, which is friendly with beginners and pretty easy and fun to use; PentesterLab, which is also great (I even won a subscription here) and PortSwigger Labs.

Red team certificates and so on

After long hours of reading, studying and trying once and again, I noticed that my skills had improved and accordingly, so did my position on Hack The Box's ranks. This boosted my confidence and made me want to get security certificates.

The first target I took down was eJPT, you can see my thoughts about it here. CPHE form a Spanish security company was next, fairly easy to be honest, then eWPT which was quite challenging, and finally, last week I got my hands on eCPPTv2.

Now my focus is on CRTP. I'm finishing their course at the moment, and I'll take the one week long exam when I free time. If I hopefully pass it, I'll post my opinion of it.