How passion drives momentum and success in cybersecurity

With 15 years of experience as a pen tester and zero day hunter, Mukhammad Khalilov (Head of Offensive Security at Help AG) is dedicated to staying ahead of the curve; with continuous research and exploration to deepen his understanding of the threat landscape, and feed his enthusiasm for his work. 

We asked Khalilov how his perspective on security has changed over that time – and he reminded us that passion is a powerful driver for momentum and success in the cybersecurity space. 

Could you share your career journey so far - particularly any pivotal moments along the way that led you to cybersecurity? 

“My career journey started with Cisco Networking – but suddenly changed when I had to find a way to hack and crack the type 7 password and get back into the shell a long time back. 

“This pivotal turn of events determined what I want to do in the field of IT security. The feeling of hacking led me into more research, understanding, and being part of the ethical hacking community. 

“The passion did not earn me money; but this also has allowed me to pursue my computer science studies and masters in computer security. From then onwards I was committed to continue learning and improving – because this field requires non-stop learning.” 

Why have you chosen the field of zero day hunting and cybersecurity vulnerability research after many years of experience as a penetration tester?  

“Zero-day research and finding vulnerabilities on a variety of platforms enables me to understand better, and in depth. Identifying those vulnerabilities and reporting them to the right owners, and in doing so securing the community, is a great feeling.” 

How has your perspective on security changed over the course of your career? 

“My perspective has changed vastly – from technology being the focus, to recognising that people are usually the weakest link; and understanding that there is no security application that can cover all bases.  

“Human weakness you can’t fix. Neither can you fix application security; but continuous security research and zero day hunting allows you to find attack threats in advance. That is why I am currently committed to finding zero days and cyber security research.” 

Do you think it's within the realms of possibility for any software to be created without any zero day vulnerabilities at all? 

“Unfortunately, it is impossible to create a zero day free or software without any vulnerabilities, and there are many reasons for that. Coding an application became a lot easier with the use of API, third party libraries, fast paced feature development, drag and drop and so on. Weakness in any of the pieces of code can lead to compromise of your application and not all security remediation is in your hands.” 

If you could go back to the beginning of your career and tell yourself one thing you wish you'd known then, what would it be?  

“Learn coding better and stay with passion. Don’t chase certificates a lot and show your skills with the hacking/security projects you have created.”

Finally, what was your best experience at Black Hat MEA 2023?  

“My favorite experience was Capture The Flag and the attendance of my team there. I was thrilled with challenges given during CTF and the amazing platform provided to security researchers to share their knowledge.” 

Thanks to Mukhammad Khalilov at Help AG.

Register now to attend Black Hat MEA 2024.