Just got OSWE but I didn't like web security
Story of me who hated web security getting an industry-leading web security certification and thriving ever since.
When I first started in cybersec, I didn't like web security.
I thought it's dated and unpromising.
But because I needed to pass a technical challenge and get a job, I still took a lot of time to study and became pretty comfortable with it.
After successfully getting into the field, I just kept learning and doing and have done 70+ web app pentests.
I have discovered and helped fix a handful of critical vulnerabilities in clients' applications and have had a lot of fun during the process.
But the thing is: deep down I still didn't really like it.
Although I know I don't have to like it in order to be good at my job.
I thought: "There must be something I can do".
I said to myself: "let's just try to be really good first".
And I picked OSWE to be my next certification to pursue as it is probably the most respected hands-on certification on web security. And I expected getting it would be a challenging and painful long journey.
But it was fun. It was unbelievably fun. I got to exercise my inner builder to create exploits.
I got to discover vulnerabilities hidden in the plain sight (source code) which felt like a superpower. And diving into a large code base no longer feels daunting because I know where to look at first.
The hours I spent on this course are really enjoyable that I wouldn't call it studying any more. I was just playing around.
Which reminded me of something I have experienced before and maybe something you can relate as well: