I interviewed Anugrah S.R., who is now a mediation specialist at HackerOne and formerly a security analyst at UST. With a Master’s degree in Biological Sciences from IISER Bhopal, Anugrah’s journey into cybersecurity proves that passion and persistence matter more than one’s academic background. His success also includes being acknowledged by Apple for reporting an information file disclosure vulnerability—a recognition many aspire to achieve. For a student like me, his story immediately stood out because it challenges the stereotype that only computer science graduates can succeed in cybersecurity. Instead, it shows that with discipline, curiosity, and the right mindset, anyone can break into this field.
Anugrah’s entry into cybersecurity began not with formal training, but with self-learning and relentless practice. He started the well-known 100-Day Cybersecurity Challenge, which gave him structure and discipline in consistently exploring concepts. Alongside this, he honed his skills through platforms like Hack The Box and TryHackMe, enjoying gamified competitions such as King of the Hill, where teams simultaneously attack and defend systems in real time. These hands-on exercises not only strengthened his technical skills but also sharpened his problem-solving mindset. Equally important, he connected with communities such as Yet Another Security and Initcrew, which gave him opportunities to collaborate, exchange knowledge, and stay motivated through peer learning.
His big break came when he joined a Capture the Flag (CTF) competition organized by SecureLayer7. After documenting his cracked challenges in a detailed report, the company was so impressed with his initiative that they offered him an internship in application security. That internship became his first stepping stone into the industry.
Of course, his career has not been without challenges. In our conversation, Anugrah recalled an incident from his analyst days when he identified an outdated WordPress plugin on a client’s site and warned them about the potential risks. The client, however, did not take his advice seriously at the time. Later, when the vulnerability was exploited, they came back seeking mitigation techniques—but by then, the damage had already been done. This real-world story underlined a crucial lesson: cybersecurity is not just about finding vulnerabilities; it is also about effective communication and building trust so that stakeholders understand the urgency of addressing risks before they escalate. For freshers, it is a reminder that technical knowledge alone is not enough—soft skills like communication, patience, and persistence are equally valuable in the workplace.
When I asked why the role of a SOC Analyst has become such a common entry point for freshers, Anugrah explained that it is relatively easy to pick up as a beginner and provides broad exposure to real-world threats. SOC analysts monitor, detect, and respond to incidents, which gives them a strong foundation to later explore other domains such as threat hunting, penetration testing, or cloud security. His advice to students aspiring for such roles was very practical: study job descriptions carefully and align your learning with the specific tools and skills companies demand, spend time on hands-on platforms like HTB, TryHackMe, and CTFs, and actively participate in security communities.
“Your degree doesn’t define your capability,” he said. “What matters is your consistency and ability to demonstrate skills.” This mindset is refreshing for students from non-technical backgrounds who might feel intimidated at first.
My biggest takeaway from speaking with Anugrah is that cybersecurity welcomes anyone who is willing to learn, regardless of their academic history. His journey from biological sciences to bug bounty acknowledgments shows that the industry values curiosity, perseverance, and problem-solving above formal qualifications. For students like me, his story is both an inspiration and a roadmap: practice consistently, document your work, build a portfolio, network with peers, and never underestimate the power of persistence. Cybersecurity is not just about defending systems—it is about continuous learning and adapting. Sometimes, it is also about breaking the very myths that hold us back from trying.
About the Author: Hizan Rahman is a cybersecurity expert and development mentor from Kerala, focused on secure, ethical, and resilient digital technologies. An IBM GenAI National Hackathon winner and multiple CTF awardee, he emphasizes security-by-design and practical threat modeling. Through mentoring, hackathons, and technical training, he empowers students and professionals with a strong, security-first mindset.