🚀 CloudSEK becomes first Indian origin cybersecurity company to receive investment from US state fund
🚀 CloudSEK Becomes First Indian Cybersecurity Firm to partner with The Private Office
🚀 CloudSEK has raised $19M Series B1 Round – Powering the Future of Predictive Cybersecurity
Back

From Curiosity to Cyber Defense: Kunal Gambhir’s Journey into Cybersecurity

February 6, 2026

Table of contents

Example H2
Example H3
Example H4

Cybersecurity often feels like a maze of codes, endless alerts, and late-night incidents. But for Kunal Gambhir, currently a Cybersecurity Engineer at Nykaa, the journey into this fast-growing industry began with curiosity, playful experiments, and the thrill of hacking with friends.

I had the opportunity to interview him as part of the CloudSEK “Talk to a Cybersecurity Professional Challenge.” His story is proof that passion, persistence, and the right mentors can transform a curious student into a seasoned professional.

The First Spark

After completing his 12th grade, Kunal already knew what he wanted: to become a hacker. While many of his peers were undecided about their future, he was certain that cybersecurity was the path for him. Believing that a Bachelor’s in Computer Applications (BCA) would give him the foundation, he enrolled eagerly.

However, reality didn’t match his expectations. The curriculum focused heavily on software development and left little room for exploring hacking or security. For some, this would have been discouraging. For Kunal, it became a challenge.
The turning point came when he experimented with his brother’s Gmail account. To his surprise, he was able to retrieve hidden emails, proving to himself that his instincts and skills were leading in the right direction. That small victory fueled his determination and cemented his passion for cybersecurity.

Breaking into the Industry

Kunal’s first formal attempt to enter the field was through the Certified Ethical Hacker (CEH) course. Unfortunately, it was not what he expected—it was theory-heavy with minimal practical exposure. Instead of walking away frustrated, he decided to self-learn.

This decision paid off. He landed an internship at Kratikal, a cybersecurity startup that offered him exactly what he was looking for: a hands-on, real-world learning environment. He wasn’t just reading about vulnerabilities—he was actively breaking into websites, testing servers, and simulating attacks. This exposure gave him both confidence and experience, eventually leading to a full-time role.

From Kratikal, he moved on to Deloitte, where he worked on enterprise-scale consulting projects, before joining Nykaa as a Cybersecurity Engineer. Each transition added new layers to his expertise. Meanwhile, his six years of bug-bounty hunting on Bugcrowd gave him the chance to test his skills on global platforms, earning rewards between $100 and $1,500 and strengthening his problem-solving mindset.

The Fun Side — Hacking with Friends

Not all of Kunal’s learning came from formal jobs or courses. Some of the most important lessons came from collaboration with friends. A close colleague, an accomplished bug-bounty hunter, became both his mentor and partner.
Together, they would spend nights exploring vulnerable apps, solving labs, and competing against each other in finding bugs first. Sometimes, they even tested weak passwords in safe environments just for fun.

“Each bug was not just a vulnerability, but a shared victory,” Kunal recalls.

These experiences turned cybersecurity from a subject into an adventure. The joy of splitting bounties and celebrating discoveries made learning sustainable and enjoyable.

A Day in Application Security

Today at Nykaa, Kunal’s work reflects the dynamic nature of the cybersecurity field. His daily responsibilities include:

  • Assessing third-party integrations for risks
  • Identifying vulnerabilities in internal systems
  • Reviewing architecture diagrams to ensure security by design
  • Collaborating with DevOps and infrastructure teams to secure deployments
    Some days demand quick incident response, while others are dedicated to structured risk assessments and long-term improvements. As Kunal puts it, one thing remains constant: curiosity, vigilance, and lots of coffee.

A Roadmap for Students

When asked about advice for aspiring cybersecurity professionals, Kunal provided a roadmap that is both simple and actionable:

  1. Pick your path – Choose between Offensive (ethical hacking/AppSec) or Defensive (SOC, cloud, infra).
  2. Master the basics – Linux, networking, cryptography, and reconnaissance techniques.
  3. Start small – Begin with simpler attacks like brute force and OTP bypass, then progress to advanced ones like SQLi, XSS, SSRF, and RCE.
  4. Get hands-on – Use platforms like HackTheBox, TryHackMe, or bug-bounty programs to practice real-world challenges.
  5. Build projects – Create AI + security tools, or automation scripts for vulnerability detection to stand out in your portfolio.
  6. Certifications that matter –
    • Cloud security certifications (AWS Solution Architect, AWS Security)
    • Web Application Security certifications (covering exactly the attacks beginners should learn)
    • Udemy certifications (affordable and practical for students starting out)
    • OSCP preparation – Even if you don’t attempt the exam, preparing for it builds strong practical skills and deep understanding.
  7. Keep practicing – “You can’t just read about cybersecurity—you need to do it.”

Why Mentors Matter

Kunal highlights that his biggest growth came not from classrooms but from mentors and peers. While formal certifications gave him structure, it was colleagues and friends who explained vulnerabilities, shared labs, and helped him bridge the gap between curiosity and competence.

For students, having a mentor—or even a supportive study group—can accelerate learning. As Kunal’s story shows, the right guidance can transform scattered curiosity into focused expertise.

Final Takeaway

From experimenting with a Gmail account to securing products at one of India’s biggest e-commerce companies, Kunal Gambhir’s journey demonstrates that cybersecurity is not about stacking certificates or memorizing theories. It is about curiosity, persistence, and hands-on practice.

For students eager to enter the field, the message is clear:

  • Explore, break things (ethically), and learn from every mistake.
  • Surround yourself with peers and mentors who challenge you.
  • Most importantly, enjoy the process.

Cybersecurity may be serious work, but it’s also one of the most exciting adventures you can embark on.

About The Author: Kavitha Kumari is a third-year Information Science student in Bangalore with a strong interest in data structures, algorithms, and web development, focused on building practical software solutions for environmental sustainability while exploring diverse technologies to create impactful real-world systems.