Welcome Back to Knowing Null!
This week, you voted to bring in ricksanchez!
Let’s just jump right into it.
First, I’d like to thank you for joining this series
of course, anytime If people really feel the urge to get toknow more about me this is the perfect chance!
Can you tell me and the readers a bit about yourself, what kinda work you’re doing?
I’m obviously part of this forum and go by the alias of ricksanchez/0x00rick. In the outside world I’m mainly a student finishing up on my masters degree in CS with a focus on IT-security related topics/classes. Been working real IT-(sec) jobs ever since I started my bachelors degree though.
What was your first entry into the IT world?
“professionally” or just any encounter with IT related things?
“Lets start with your casual interest, and then your first professional job”
Okay let’s see I guess anything IT related goes back to fiddling around with the first PC I had access to. We’re talking MS-DOS era close to the Win95 time. Starting from there anything computer/video game console related peaked my interest.
For professional jobs… hmm I started my first real IT related job directly after high school at the beginning of my uni career as a “manual bug finding monkey” in a dev company that worked on a new CMS. In hindsight this somewhat already was my first step into the IT-security field because I was finding system critical bugs/flaws within their product too. IT-security as a whole was not on my radar back then tho. I was young and dumb…
“So are you currently employed while also pursuing your masters?”
Yes indeed. I’m on my 3rd job while pursuing my uni career. This double load was very stressful at times, but it taught me a lot and showed me the path I want to pursue and multiple paths I really don’t want to pursue after my degree (for now)
Can you give us a brief overview of the roles you’ve performed and maybe a primary skill you’ve used/learned in each?
Sure! Like I already mentioned my first job was kinda like a bug bounty program, just without the big cash rewards . I’ve been testing and bug hunting an in-house developed CMS at that time for almost 2 years. It has been a Windows only experience at that time and it taught me to be persistent and look for potential places where bugs may hide on top of all the Windows infrastructure tasks that may come with such a job. Also team communication was a big thing since I directly communicated my findings to the devs which often times sat directly next to me. So soft skills of some sort.
Second job I had for less than a year was an IT-security consulting role. I got a glimpse into the typical day of an IT consultant over here in Europe and that he has to do a lot of double checking with official documents and regulations like the ISO27000 standard to propose fitting security solutions. The consulting lifestyle was not my cup of tea in the end.
And luckily the third position was offered to me directly at the end of my bachelors thesis.
It is focused on R&D in the areas of firmware, embedded security and everything that comes with that (RE, fuzzing, setting up infrastructure with vms and docker, …). This is still my current position and the diversity here is just fun. Lots of fun projects with a different focus each time. So I’ve been learning the most here. It’s very low level most of the times which is exactly what I like
Any shout-outs to software or products you’ve used and loved along the way? And, what programming languages have you used, which have you loved, which have you hated?
The first two jobs did not have much of either which are worth mentioning. For my current job gdb, afl-fuzz, vim, docker and vmware are the ones I love and use on a regular basis now. I don’t have much of a hate relationship to any tool. For my hardware workings tons of tools come to mind… starting from a decent soldering iron and reflow station, to an oscilloscope , my saleae logic analyzers and also my little buddy the bus pirate for serial communications. There’s a lot more.
I mainly had/have contact with python which I like. It’s easy to learn and add/modify modules or functionality to existing software or quickly write some new tooling from the ground up. Assembly plays a small part too.
Only thing that comes to my mind which I heavily dislike is web techs involving JS, and templating…
Very cool. alright, next up we have a few quick questions
sure shoot them
First: Mac, Windows, or Linux? What do you run at home?
oof that’s a tough one actually. for my fix work station at home I dualboot between Windows and Linux. All my dev, RE, and fiddling is done on the Linux side of things. When I’m on the move I’m on macOS. So I’d say all 3 but favoring Linux flavored systems a lot more.
Favorite? WinXP because childhood memories … For my current system I’m sorry to disappoint but its just stock Ubuntu Mate. It just works for me.
Do you use a mechanical keyboard?
Of course. the typing feedback on it is just the best thing ever. Currently rocking green switches.
Ortholinear? or standard?
Any other nifty hardware? Standing desk?
Just rocking a way too small desk with dual monitors, my mech keyboard and a broken mouse and trying to fit all my tools for hardware workings there. My setup is in dire need of a bigger desk and a new mouse. That’s the life of a student I guess… I favored new tools over a decent sized desk…
“A struggle I’ve had before as well.”
Alright, back into the meatier side. Let’s get to know you outside of tech.
My job and studies require me to sit all day so I’m trying to get in some needed amount of exercises in the gym. This also helps greatly with freeing your mind from problems and coming back with a fresh perspective. Other than that I enjoy good movies, beer and I’m always keen to try new types of food. Sadly there is not much more free time for anything else ríght now.
i see. So this next question I want to hear the two different stories between your student life and your professional path: What’s the biggest challenge you’ve overcome?
hmm student life is probably very similar for everyone. It’s a constant fight for passing classes from which you deem only a fraction as interesting. Other than that finding my niche is what kept me busy until almost the end of my bachelors. I didn’t know that I want to be into infosec until my bachelor thesis topic hit me. so luckily I made it.
For my professional path I’m not sure if I would have taken the same path if I would not have needed the money from it. The income from my jobs is for paying rent and such. Also having a job and a uni career limits your freetime quite much at times so that’s a bummer. Besides that I’m honestly quite happy with the career choices I made since I learned a lot, it gave me a glimpse into different areas of the industry and build up my
CV nicely too.
Any words of advice for those of our readers in a similar situation?
If you already found a niche you’re interested in keep grinding, share your findings/articles and find like minded people. For people still trying to figure out what to do… honestly just try things out! Apply for part time jobs, internships or whatever is manageable for you. You’ll find out pretty quickly if jobX is something you like or not. Other than that the having like-minded people or a community around you point still stands here too. Exchanging knowledge and thoughts will help you more than you might realize now. Networking opens you new doors
Awesome advice. Alright, last item on our list here. Anything you’d like to say to the 0x00sec community?
Stay classy and keep impressing me/us with those articles/discussions! In my time here I learned a lot and I hope everyone here has the same fun experiences. Also if there is anything on your mind me and all the other staff members always have an open door to listen to anything!
Right on. Well thanks again ricksanchez!
What HEX color is your “hat”?
Good to know. See you around!
Thanks again, it was a fun interview
Who’s gonna be next?
Don’t go, there’s more here!
This most recent interview was conducted on the #knowing_null channel of the IRC server. Users are invited to join us in two weeks for the next interview on Wednesday the 8th. I’ll be taking your PMd questions and pitching them to our next subject. Until then, feel free to add any questions you’d like to see in the comments below. Thanks!