Nemesis Contreras

Nemesis is a Security Researcher. She is in charge of triaging incoming bug reports and researching mitigation of security vulnerabilities.

#infosec

Tell us about yourself

A little bit about my back story is I was the high school straight-A student who was really bad at college. I dropped out of college at UC Berkeley for multiple reasons. This was a rough start. I worked a series of odd jobs to pay off my college debt and pay for my rent. Jobs included: making smoothies, working at a Japanese dollar store, and industrial machinist. Eventually, given the city I live in is a tech hub (with insane rent prices), I stumbled into tech.

I was curious about jobs to better sustain myself. I attended seminars and conferences in the city to learn more. Found supportive coding communities. I applied and failed a TON of coding interviews. I began questioning my next job and was in a desperate need for friends since I was bullied in my workplace which led me to fall into a deep depression. Moved back in with my parents. Until things started to look up and I found the infosec community on Twitter.

I felt very lucky to be given sponsorships to events and support from people who were like me (dropouts) yet still had a good job they liked in infosec. My transition into infosec was purely coincidental. I have been in the community for less than a year. I was able to get paid to help people pass CTF levels for a Discord server I started for the HackerOne CTF which at the time had about 3k people.

Then, I was very generously offered the opportunity to do security work for Adafruit Industries as a remote contractor. I currently triage incoming vulnerability reports for the bug bounty program we have at Adafruit and in my free time also try to find valid bugs to submit on platforms like HackerOne and Bugcrowd. Lots of n00bish mistakes and confusion half the time but I am lucky to have met people who let me know I can ask them for help when I need to.

How did you first get started in your career in tech?

I started getting into tech by using the Meetup site to look for meetups for things I was interested in around my area. For example, Python coding meetups and data structures workshops, etc. There I learned some basic (SUPER BASIC) coding skills and kept wanting to learn more. Specifically, web apps interested me the most, so I began to focus on meetups about web applications and technologies surrounding those. I then began using Twitter to look for events and saw an all women's security workshop called Black Hoodie at Google. My workshop was for web application security and was taught by the brilliant Niru (@itsC0rg1).

I was enticed and excited by the thought of legally hacking and understanding web application vulnerabilities. During this time, I would also tweet my process about what I was learning to keep as a personal diary for myself but ended up getting noticed a bit and found people on a similar journey to me on Twitter! With the help of these seminars, I was able to muster up the courage to play my first CTF for HackerOne and made a Discord server in the hopes of making friends so I wouldn’t give up. In the Discord server, I was paid to help people pop XSS, SQLi, and not cry when attempting a padding oracle attack to pass the CTF levels.


What are the most important skills in your current position? How did you develop these skills?

Important skills in my job are being able to stay calm and not smack the alarm every time a bug report comes in. Sometimes it’s easy to read a report and automatically think “EVERYTHING IS BROKEN THIS IS BAD.” Especially when you are new and just starting out. But staying calm until you have read what the researcher has reported, reproduced their exact steps, and seen if there is a bug helps you not have mini heart attacks all the time.

So in summary, having the ability to remain calm and analyze facts is a skill that is very important as a security researcher who has to validate bug reports. Obviously being able to use an interception proxy like Burp to analyze/modify HTTP requests/responses is also helpful but you can learn how to do this through so many tutorials online using Google!

What are some resources that helped you in your journey in tech?

The absolute #1 resource that helped me with my journey in tech is using social media to document my journey in learning. Specifically Twitter. I would post a lot of things I was learning, screenshots of errors, videos of seminars, questions of things I didn’t understand. I followed some technical accounts and engaged with their conversations on Twitter.

It’s also amazing to find people who I can relate to and befriend in my journey. It helped me feel less lonely to know I can reach out to my friends who are also looking to upgrade their work-life and working together to learn together! I’ve shared frustrations, tears and long nights with friends I’ve met through Twitter and they are some of my closest friends to this date. Shoutout to @pirateducky!

I noticed people began to follow me and be very supportive of my journey. I was able to get tickets to seminars, event invites, job interviews all through using Twitter to engage and share my journey of learning.

What difficulties did you face in your career? How did you overcome them?

Given the choices I made, I always struggled with low self-esteem. I always felt like I was “not enough” no matter what skills I acquired or the achievements I made. It’s what leaving college sometimes makes you feel, since family members begin to assume your life will go downhill for not finishing college. So I absorbed a lot of that self-doubt and, of course, getting put down at some workplaces did nothing to help me feel better. It just made me feel smaller and less valuable.

It’s a bit silly given, for anything you want to do in life, you will be continuously learning. For some people that means college; for others who learn differently, it is a different journey. I can’t possibly know everything when first getting exposed to a field like cybersecurity. I would say self-doubt is something I am continuously working on each day. I’m learning the more I accept myself with my personality traits it becomes easier because I start to feel that I am who I am, and my journey will look different for other people.

Looking back on your career, what advice do you wish someone had given you that would have helped accelerate your career?

Some advice I wish I was given and practiced earlier was not being afraid of being a beginner. For example, when I was looking to gain certain technical knowledge I skipped out on certain events, meetups, workshops because I felt if I didn’t know the concepts being talked about I couldn’t contribute to the activities. But in reality, it’s the complete opposite. Most successful people get excited to know someone is learning because it reminds them of when they were first starting.

A lot of knowledgeable people will notice you and be eager to help give you resources and offer tips. So don’t feel bad about asking questions that might feel “basic” in your head to ask a question but learn by asking and show up to learn! You will learn so much faster by asking others who know more than you and losing the embarrassment of being a newbie.

Is there something else you'd like to share with our readers?

If you’re reading this and are feeling stuck, whether it’s financially or due to family problems, please start each day by doing something to invest in yourself. It can be small, like going to a seminar you are scared to go to. Each day, little by little, you have to pick yourself and help yourself grow. Little by little, document your process: start a blog on Medium, post pictures of your work on Instagram or Twitter. Find a community to help you feel less lonely. It makes a difference when you start to look for ways to help yourself.

Thank you for sharing your story with us. How can we support you?

If you are interested in legally hacking and earning money for the vulnerabilities you find, check out platforms like HackerOne and Bugcrowd to begin submitting reports. It’s free and can provide you a little side income. In case you are a complete beginner, start by joining the HackerOne Discord server and passing some of the levels on the HackerOne CTF! Here’s the link to the Discord server: https://discordapp.com/invite/32ZNZVN



© 2019 Blasterra LLC. All Rights Reserved. Illustrations by unDraw & avataaars.

Made with ❤️ by Veni Kunche