.jpg)
In the world of cybersecurity, textbooks teach you the rules, but only experience teaches you the game. The CloudSEK Challenge asks us to learn from the “stories, scars, and wisdom” of professionals, and I was fortunate enough to live that experience. My internship under Sahil Saini, the CISO of CYBERSEC in Gurugram, was more than a technical training; it was a profound mentorship in the philosophy of modern digital defence, shaped by his personal journey, hard-won lessons, and forward-thinking advice.
From January to April 2025, I was immersed in the high-stakes environment at CYBERSEC. My hands-on work—from assessing WPA3 encryption and deploying Zabbix for network monitoring to conducting VAPT for diverse companies using tools like Nmap and OpenVAS—was the practical “how.” But it was Sahil’s mentorship that provided the crucial “why.”
The Journey: Beyond the Technical
Sahil often shared that his career wasn't a straight line but a series of evolutions. He started deep in the technical trenches, mastering networks and systems. “You can't defend a city if you've never walked its streets,” he once told me. His journey from a hands-on engineer to a security architect and finally to a CISO was fuelled by a realization that cybersecurity's biggest challenges aren't just technical. They are about people, processes, and business risk.
This perspective was transformative for me. My work on threat modelling wasn't just about finding flaws; it was about understanding how those flaws could impact the business's bottom line—a lesson straight from his playbook.
Lessons Learned: The Scars That Teach
Every seasoned professional has their war stories, and Sahil's most impactful lesson was about the inevitability of incidents. “Perfection is a myth,” he stated during an incident response debrief. “It’s not about building impenetrable walls; it’s about building a resilient system with the visibility to detect, the speed to respond, and the humility to learn.”
This principle hit home as I assisted in analysing security breaches. The goal wasn't to assign blame but to understand the attack chain and strengthen our protocols.
His most critical piece of advice was to treat every vulnerability, no matter how small, as a potential foothold for an attacker. My project investigating FASTag vulnerabilities—and even bypassing boom barriers—was a direct application of this mindset. It taught me to think like an adversary and see the world not for how it's supposed to work, but for how it can be broken. That, he taught me, is the true scar of experience: knowing that preparation is everything because the moment of crisis is too late to start learning.
Advice for the Future: A Blueprint for Aspiring Defenders
When I asked Sahil for advice for students like me, he offered a three-part blueprint that now guides my own development:
1. Master Your Craft, Then Look Up
He stressed the importance of deep technical fundamentals. “You must speak the language of packets and processes fluently,” he advised. But he quickly followed up: “Then, you must learn to translate that language for the boardroom.” My work conducting VAPT for other companies was a practical exercise in this—delivering technical findings in the context of business risk.
2. Cultivate Unrelenting Curiosity
“The threat landscape of today will be a footnote tomorrow,” Sahil said. He encouraged me to spend time researching unconventional threats, like the FASTag exploits. He believes the best defenders are those who are constantly learning, deconstructing new technologies, and asking, “How can this be broken?”
3. Security is a Human Challenge
His most profound advice was that technology is just a tool. “Your biggest vulnerability and your strongest asset will always be people,” he explained. An organization's security culture, he argued, is more powerful than any firewall. This has inspired me to focus not just on technical skills, but also on communication, empathy, and education—the so-called “soft skills” that build a truly resilient organization.
My time at CYBERSEC was an incredible period of growth. I didn't just learn how to use security tools; I learned how to think like a security leader.
Sahil Saini's journey, lessons, and advice provided the context that transformed my technical tasks into strategic understanding. I left not just with a stronger resume, but with a clear vision for the kind of cybersecurity professional I aspire to be: one who is technically skilled, strategically minded, and deeply aware that our mission is to protect people in a complex digital world.
About the Author: Akshit is a cybersecurity enthusiast and Security Analyst Intern at CloudSEK with a strong interest in vulnerability assessment, penetration testing, and threat intelligence. He has hands-on experience in network and web security and holds multiple industry certifications. Akshit is passionate about exploring real-world security challenges and continuously strengthening his practical expertise in offensive and defensive security.