Trust in digital transactions and financial technologies is crucial for the smooth functioning of modern society.
Neelam Kadbane, our next pathbreaker, Senior Vulnerability Analyst at Mastercard, identifies and addresses security vulnerabilities within Mastercard’s environment & products by conducting network penetration tests.
Neelam talks to Shyam Krishnamurthy fromThe Interview Portal about the innumerable challenges and the satisfacation of her work in preventing potential breaches that could lead to financial loss, identity theft, or disruption of services.
For students, no matter what field you choose, develop your fundamentals, stay curious and keep learning, because the world is full of opportunities!
Neelam, can you explain your background to our young readers?
I’m from Pune, and I’ve spent my entire life here. I did my schooling and college in Pune and being a “Punekar” has had a big influence on who I am today. Growing up in a Marathi household, our culture played an important role in shaping my values and outlook on life. In my free time, I love trekking, with monsoon treks being my absolute favourite. I also enjoy reading and often pick up a book or two, though not as often as I’d like. Solo bike rides are my form of meditation—they give me the space to reflect and recharge.
When I was a kid, I was always fascinated by movies that showcased technology, whether it was about hacking, futuristic gadgets, or complex computer systems. Even though I didn’t fully understand everything at the time, I was drawn to the world of technology and innovation. I guess, in hindsight, that attraction was an early indicator of where my interests would eventually lead me, even though I didn’t realize it back then.
My father is now a retired government servant. Throughout his career, he was known for his unwavering dedication—he never took a day off from work. His commitment went beyond the ordinary, and even today, people still talk about his work ethic and the impact he had on those around him. His hard work anddedication have always been a source of inspiration for our family, motivating us to keep pushing forward no matter the challenges.
My mother, on the other hand, started her business at a very young age. While most teenage girls were busy choosing fancy dresses for parties, she was already a proud business owner. Even now, she hasn’t stopped. Her passion for her work and her profession is truly remarkable. The way she continues to learn new things, even at this age, is inspiring to everyone around her.
They always taught me that whatever you do, give it your best effort. They also emphasized that it doesn’t matter what you do as long as it makes you happy.These lessons have guided me throughout my career and personal life.
What did you do for graduation /post graduation?
I completed my bachelor’s degreein Computer Engineering from PuneUniversity.
What made you choose such an offbeat, unconventional and cool career in Cybersecurity?
My journey into IT and Cybersecurity has been shaped by a mix of curiosity, inspiration, and pivotal experiences. Growing up, I was always fascinated by technology. I remember being the one in the family who would eagerly explore how gadgets worked. This curiosity naturally led me to pursue a degree in computer engineering.
During my college years, I was fortunate to haveprofessors who not only taught me technical skills butalso encouraged me to think critically and pushboundaries. Their influence sparked a deeper interest intechnology, particularly in the area of security. I vividlyrecall working on a project that involved securing anetwork. That hands-on experience was a turning point, it made me realize how much I enjoyed the challenge of solving complex problems related to cybersecurity.
The decision to pursue a PG diploma in IT Infrastructure and System Security at CDAC ACTS Pune was another significant moment in my journey. I wanted to specialize in an area that I found both challenging and rewarding. This program was intense, but it equipped me with the skills and confidence I needed to carve out a career in cybersecurity. Looking back, it wasn’t just one thing but a series of influences, and experiences that guided me towards this path. And I’m grateful for each one of them.
Tell us about your career path
After graduating with a degree in computer engineering, I found myself at a crossroads. The field of computer engineering isincredibly vast, and every part of itfascinated me. But I wasn’t sure whichdirection to take. To clear my head andfigure out what I really wanted to do, I took a job in a non-technical role at an MNC. That was my first job, and I stayed there foralmost a year. Working in that environment gave me valuable insights into the corporate world and helped me understand the kind of work I wanted to pursue.
While working there, I started preparing for the CDAC entrance exam. Once I cleared it, I left my job to focus entirely on my PG diploma. The course was intense and challenging, but it was also incredibly rewarding. My professors and batchmates played a huge role in shaping my knowledge and skills, and by the end of the course, I was certain that I wanted to build my career in information security.
My determination paid off when I landed my first technical job as a Security Engineer at Qualys, an Enterprise Cyber Risk & Security Platform . It was a significant achievement for me, especially since it’s rare for companies to hire freshers directly into the InfoSec domain. At Qualys, I worked with the Vulnerability Management team, where we researched new CVEs and zero-day vulnerabilities, and developed signatures for vulnerability scanners.
A zero-day vulnerability is a security flaw in software or hardware that is unknown to the vendor or developer. Since the vendor is unaware of the vulnerability, no patch or fix is available, making it highly dangerous. The term “zero-day” comes from the fact that once the vulnerability is discovered by malicious actors, the vendor has zero days to fix it before it can be exploited. e.g. suppose Chrome released a new version but it has a small flaw that allows a hacker to bypass security checks and access users’ data. If hackers discover and exploit this flaw before the Chrome’s developers are aware of it, this is a zero-day vulnerability.
A vulnerability scanner is a tool used to identify knownsecurity weaknesses in systems, networks, or applications. These tools scan the target environment,looking for vulnerabilities like misconfigurations, missingpatches or outdated software. They compare thefindings against a database of known vulnerabilities togenerate a report with the details.e.g. mostly every organization runs a vulnerabilityscanner on its network, which identifies known security flaws. The scanner reports these issues so the IT team can prioritize and fix them to secure the network. Thereare tools like Nessus, Qualys, OpenVAS, Nexpose, Astra etc.
CVE stands for Common Vulnerabilities and Exposures and is a standardized identifier for known security vulnerabilities. Each CVE entry includes a uniqueidentifier (e.g., CVE-2024-XXXX), a brief description of the vulnerability, and references to further information. CVE helps security professionals share and discussvulnerabilities consistently.
How They Relate:
• A zero-day vulnerability would not have a CVE initially because it is unknown.
• Once a zero-day is discovered and documented, it may be assigned a CVE.
• Vulnerability scanners use CVE databases to identify known vulnerabilities in systems, but they might not detect a zero-day vulnerability until it’s publicly disclosed and assigned a CVE.
This combination of concepts is key in managing andmitigating security risks in any environment.
This experience piqued my interest in penetrationtesting, leading me to my current role as a Pen Tester at Mastercard.
My career path wasn’t linear, but each step taught me something valuable and brought me closer to where I am today.
How did you get your first break?
My first big break came while I was pursuing my PG diploma at CDAC. The institute has a placementprogram where companies shortlist candidates basedon their merit. When I was selected for an interview, I knew it was going to be a tough day. The interviewprocess was intense. Since companies were hiringfreshers without any prior experience, they needed tomake sure we were the right fit through a series of technical and scenario-based questions.
The day of the interview was a rollercoaster of emotions. I had to go through three rounds of technical interviews followed by a HR round, all in one day. Each round wasmore challenging than the last. I was scared, nervous and anxious, constantly wondering what questions I would face and how the interviewers would be. The waiting was nerve-wracking, but when my turn finally came, I gave it everything I had.
When I finally walked out of that last interview, I felt a mixture of relief and disbelief. It was hard to tell if I wasdreaming or if this was real. But when I got the news that I had been selected, I was overjoyed. It was one of the happiest moments of my life, and I knew that all the hard work and preparation had paid off.
What were some of the challenges you faced? How did you address them?
One of the most significant challenges I faced was when I decided to pursue my PG diploma. At that time, my family was going through a financial crisis, and we didn’t have the money for the course fees. I was working at an MNC, but the salary was too low to secure a loan. This situation forced me to continue working there for a while longer, saving every bit I could for my PG diplomaadmission. During this period, my father and sisterstepped in to help. My sister had just started her first job,so saving money from her salary for her younger sister’s education was a big deal. Their support was invaluable. Those were tough years, but I was determined to investin my education and secure a better future. It took patience and persistence, but eventually, I savedenough to pursue the course that set the foundation for my career.
Another significant challenge I faced was when I startedmy first job, where I was the only woman in a male dominated team. Navigating this environment wastough; I often felt pressured to demonstrate that Ibelonged and had to put in extra effort to gain the same respect and recognition as my male peers. This wasn’tjust a challenge within that company but a broader issuemany women in the technology sector. From dealing with stereotypes about women’s technical abilities, to facing subtle or overt biases, these obstacles can follow you across different roles and organizations. Some maybe more covert in their discrimination, while others aremore apparent, but the challenge remains a persistent one.
Despite these challenges, I’ve always believed instanding my ground and proving my worth through mywork. It hasn’t been easy, but each obstacle has made me stronger and more resilient. I’ve learned thatperseverance and confidence in your abilities are crucialfor overcoming barriers. I also advocate for a moreinclusive and respectful work environment for everyone. Whenever I feel stressed, I turn to my friends and family for support, which helps me immensely. Additionally, I have six little fur babies who are the best stress relievers and bring a lot of joy into my life.
Where do you work now? What problems do yousolve?
I work as a Senior Vulnerability Analyst at Mastercard, where my primary responsibility is to conduct networkpenetration tests to identify and address securityvulnerabilities within Mastercard’s environment, products, and the companies it has acquired. In this role,I strive to uncover potential weak points before they canbe exploited by malicious actors, ensuring our systemsand data remain secure. To excel in penetration testing,a solid foundation in ethical hacking, network protocols, operating systems, and application security is essential. Certifications like Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), and CompTIA Security+ are incredibly beneficial as theyprovide both theoretical knowledge and practical experience. Additionally, hands-on experience withvarious security tools is crucial for effective vulnerability assessment and remediation.
What’s a typical day like?
A typical day in my role involves setting up andexecuting penetration tests, analyzing the findings, and collaborating with various teams to develop strategiesfor addressing any identified issues. I am constantlyfaced with new challenges, which keeps me engaged and motivated. The dynamic nature of cybersecurity means that there is always something new to learn,and this continuous evolution is one of the aspects Ienjoy most about my job. The satisfaction of solvingcomplex problems and knowing that my work directly contributes to the security of a global organization likeMastercard is incredibly rewarding.
How does your work benefit society?
My work as a Senior Vulnerability Analyst at Mastercard benefits society by ensuring that sensitivefinancial data and systems are protected from cyberthreats. By identifying and addressing securityvulnerabilities, I help prevent potential breaches thatcould lead to financial loss, identity theft, or disruption of services. This not only safeguards Mastercard’s customers and partners but also contributes to theoverall security and stability of the financial ecosystem.In a broader sense, my efforts help maintain trust indigital transactions and technology, which is crucial forthe smooth functioning of modern society.
Tell us an example of a specific memorable work you did that is very close to you.
One of the most memorable aspects of my work is the time I spent giving talks for the Infosec-Girls chapter. I had the opportunity to speak to college students whowere interested in pursuing a career in information security. It was deeply fulfilling to share insights on various security trends and provide guidance to those just starting out. I often thought back to my own collegedays and the kind of support and information I wished Ihad. Being able to offer that to others felt incrediblyrewarding.
Another aspect that is close to me is my involvement inresearching and publishing my findings or writing blogs. It’s gratifying to contribute to the field by sharing valuableinformation and insights with the wider community. Bothexperiences, speaking to aspiring students and publishing research, are meaningful to me because theyallow me to give back to the community and help shape the future of cybersecurity.
Your advice to students based on your experience?
My advice to students, regardless of the field theychoose, is to focus on discovering and nurturing theirpassions. It’s important to explore different interests and be open to new experiences. Don’t be afraid to step outof your comfort zone, whether it’s trying out a new hobby, joining a club, or taking on a challenging project. Develop a strong work ethic and learn to manage yourtime effectively. Setting goals and working consistentlytowards them, even if they seem small, can lead to significant achievements. Remember that failure and setbacks are part of the learning process; don’t let themdiscourage you. Instead, use them as opportunities to learn and grow.
Seek out mentors and build a network of supportivefriends and family. Surround yourself with people whoencourage you and provide valuable advice. Finally, stay curious and keep learning. The world is full of opportunities, and a willingness to keep learning and adapting will help you navigate whatever path you choose.
Future Plans?
As for my future plans, I aspire to become a great leader and mentor. I am dedicated togaining valuable experience and continuously learning to develop the skills needed for effective leadership. My goal is not only to lead teams withconfidence and vision but also to mentor others, guiding them through their own career journeysand helping them achieve their goals. By building a strong foundation and nurturing my leadership qualities, I aim to make a positive impact and inspire others to reach their full potential.
#J-18808-Ljbffr
