Episode 18 with Guest Mehidia Afrin Tania

Mehidia Afrin Tania

In this episode our host Tanya Janca (also known as SheHacksPurple), talks to our guest Mehidia Afrin Tania to learn what it’s like to be Bug bounty hunter!

45:25 Shownotes


welcome to the we hack purple podcast where each week we meet different guests people who work in information security and do all sorts of different types of jobs the we hack purple academy started this podcast so that all sorts of newcomers to our industry could learn what it’s like to do various jobs and the type of qualifications they need to get them what types of experiences you want who you might want to go meet books you might not want to read for people who are already in the information security field this is just super curiosity i’ve always wondered what it’s like to do this or that job and so i am your host tanya jenka and this week our guest is mahidia and so yes you have a tanya natanya on the show yeah that’s right it’s happening and we are sponsored by the amazing the awesome the supportive thread fix and so without further ado because i know what you actually want is to see the guest and meet her so without further ado here we have tanya hi welcome to the show hello thank you how are you i am good i’m uh i’m pretty excited for the episode tonight yeah i’m so excited we have sent messages on the internet before but never got to have a lot of interaction and so i’m like yes getting to meet yet another cool person because the podcast a thing that podcast guests don’t tell everyone is that like secretly it’s awesome being the host because you get to meet so many cool people um so tell so please introduce yourself and tell us what your job title is uh myself is uh but people usually call me tanya and right now i’m doing msc in cyber security and project management in ukraine at bedfordshire university and also i’m doing a bug bounty hunter or you can say that i’m doing full time back bounty hunting and yeah i love my hunting profession because it’s so very flexible for me that is awesome i am looking forward to hearing your perspective on this because everyone was we’ve had one other person on and her name is katie katie paxton fear and i know yeah so we both think katie’s awesome um spoiler alert we think she’s amazing um and so yeah i i love i don’t know i’m very curious so i’m gonna ask you lots of questions and my my first question is like can you describe what a bug hunter does like what does that mean actually typically each and everyone knows that you have so many website that you have to hack those website yeah it’s typically we can say that you have to hack the website but uh back in if you talk about the back side backhand side it’s like that you have to learn a lot a lot after that you can get to know what is actually backbonding backgrounding is pretty much awesome it’s like not only web perspective we can say from networking from mobile you can pretty much do anything it’s like normally those there’s so many well-known companies or also vinyl platform they give you the ethical permission to hack the west side and after that you can get a pretty much nice bounty but yeah for this reason you have to learn so many things for do you have to actually when you want to hunt you when you want to dump their website when you want to crack yeah i love it okay that is awesome so a question i ask a lot is what is a day in the life like being a bug hunter like when people are like what’s it like to be a ceo i’m like i am a slave to email i just answer email like half of every day and i hate that part but then the rest of my day is totally awesome so what is it like being a bug hunter are you a slave to email i hope not uh the thing is that at first i mean i started my to learning in 2016. in that time if i said as a beginner in that time my day was pretty much rough because in that time i have to learn so many things it’s like i have to go for web i have to go for network i have to go for programming because if you really want to be a good bug bounty hunter some people i get to know that they said that there is no need you need you don’t need to learn about programming no as a professional bug bounty hunter i always always say to people that you have to be good in programming because if good in programming language that is pretty much awesome and it your line gonna be smooth so from at the beginning it was rough for me but now right now is pretty much like little bit smoother for me but when i get to hunt like api or sometime i get to do something like rc or school yeah in that time i have to spend a lot of time in my day it’s like sometimes it takes 10 hours but i didn’t get anything but uh yeah sometime it gets so much rough do you feel like if you plug away at something for 10 straight hours and you don’t find a bug like what does that feel like is it frustrating or are you like i’m gonna get you tomorrow or uh from my career i get to learn one thing that you have to be patient you have to be a lot of patients because if you don’t find anything it’s pretty much normal even though in this stage because early in 2012 to 2015 i can say that it was pretty much easier easier to find any bug from any website but right now for all the people like us website is getting smarter because we are making smarter the website and so right now it’s pretty much become harder so don’t get frustrated if you don’t get anything but yeah there is no loss if you don’t find anything there’s nothing lost because you get to learn so many things in this 24 hours and it will be pretty much good for you next step so don’t get frustrated and usually i don’t get frustrated as you said yeah tomorrow i’ll get to you so maximum to my intention get that yeah tomorrow i’ll find something more i feel like that’s a really good attitude um i definitely don’t know if i would be as good at you as you at that i could be impatient and i have to say like as a person that’s on the blue team like the defender i’m like yes i’m glad it’s getting harder to find bugs i’m glad that our industry’s improving but uh but i’m sorry it makes your job harder what what type of personality traits do you think you need to be a good bug hunter so first of all you said patience that seems number one but like whether types of things like attention to detail maybe uh i feel like at first you have to be a good listener always keep in your mind that you have to be you have you have to listen because at the beginning you are like a baby so you have to treat yourself like i’m a newborn baby so i have to get to learn so many things in this world and each and every note this world is vast i mean this cyber security is like it’s not like that okay i get i know the python i know bob sued i know how to interact with browser with uh uh server it’s not the main thing each and everything you have to get updated so keep in your mind that you have to be a good listener whenever you are reading something right up when you are listening some senior from senior or when you get to uh watching some videos from mentors try to be a good listener because i find that when i uh learn when i want to learn something new i have to become and i have to be a good listener when i follow these things i always get benefited always always so yeah you have to be a good person that sounds pretty important for yeah i have to say i wish that everyone was a good listener because i bet all of everything would go better if we all had more patience than listening but yeah i think yeah you make a good point yeah because in this field you don’t have any option you could say that okay i’m a smarter but when you get to like in your field job you start working actually you have to know without knowing anything you can’t do anything in this field so this is the thing that is a very very good point for those that are tuning in you can ask our guest tanya a question if you want to you can also click the thumbs up button you should probably do that just in case so i have more questions of course um what types of technical skills do you think someone needs to be a bug hunter so you said they probably need to know programming would do they need to know certain programming languages or like all of them or what do you think uh or i can say from a beginning perspective because maximum time when people watch podcast make some time i get i find that more or less they’re beginner so as a beginner if someone watching me then i was supposed to say that you should learn at first python because python is i can say backbone of nowadays eating everything so many tools that i’m using i can say i’m using bob sure i can say i’m using nmap or i can say i’m using workshop there’s so many tools that i’m using but in the these tools you have to know the basic thing of python because if you know the basic thing of python programming it’s going to be so much easier for you to understand the common line you can understand the http request there’s lots of easier for you and the second thing is that in my career i have found so many excesses bug so if you want to focus on this exercise bug then you have to know about javascript because in javascript you have to use so many payload so many cheat sheet which g sheet are created from javascript so if you don’t know the syntax of javascript you can’t apply any random payload from any blank space it’s like you are throwing any cheat sheet in a blank space and it’s like you don’t know anything what you’re doing so if you don’t know anything it’s not going to work so it’s like that there’s so many programming languages sorry you don’t need to like that learn so many programming languages but the sort of thing you have to really really know python programming obviously javascript obviously and obviously you have to know the basic thing of networking because i find that people don’t understand how your tp how your network ip is connected so people get confused where is the ip coming from why is the ip or which ip should i uh interact so which ip should i follow so if you don’t know the basic thing of networking then it gonna be a little bit tougher for you so obviously basic of networking basic of web and programming python java yes for the beginning it gonna work for you no that’s a really good list because sometimes people will tell me like oh it doesn’t matter and it’s good to actually have a specific list that people can look at i actually don’t know python i or i’ve never programmed a thing in it i guess i’ve read a bit of python because i was looking through something before but i’ve always like like maybe i need an excuse to learn it and yeah i have to say that when i start learning python i get to impress day by day and i was start to regretting because at first in my university i have to learn c then i have to learn c plus plus then i have to learn java so in this three programming for that under grade level it was a little bit harder for me and i was in that time i was not also interested to learn programming i was like oh my god program is not type of me i should take some excuse that you are saying but after that when i started learning python i said oh my god this is so easy i mean see just making us crazy yes she’s hard it’s so hard um there’s a question in the chat so um someone is uh matusa’s asking uh is mahidia’s preference of python and javascript a regional choice so she’s in bangladesh and yes she is awake very late and i appreciate her staying up to be on the show um but is is it that people use it more in bangladesh or is it that’s the whole world runs on javascript and python it’s not any really regional or something like that it’s like day buddy when i get to become a full-time bug boundary i feel like that is your daily purpose needed because you know each and every tool right now you’re using it could be manual it could be automated tool every tool are based on python so is it in the near future it gonna be beneficial for you it’s not like that only in my country people are only focusing on this particular language no it’s not like something like that and if you’re talking about javascript i’m talking about javascript particular because i get to find so many excesses bug so xss bug is basically a form of javascript in javascript we have to write down so many t-shirt and this t-shirt is a creator from javascript that’s i’m saying this oh i i know but that’s a really good question thank you um so i have a question is so um so you speak bengali are there lots of resources that are in bengali and is there a specific resource that maybe we could share ah right now in our website that not that much because we started only three months uh and if you’re talking about other resources then you can be specific so that i can say yeah you can get this disease oh i was hoping you would tell us about indie skill db.com oh yeah in in this skill in this in this case just only three months is so you can say also stealer is a newborn baby and we have a little bit breakdown because i just moved to my country to london so i in that my website basically i have three more members they are also back bounty hunters in my country so we started thinking that we should do something only for our country because in our country i see a big massive growth of bug bounty uh back in 2015-16 there was like internationally there was like few people from my country but right now i’m so happy to say that there’s so many so many good bug bounty hunters they’re coming and those who are considered like that okay we know a little bit of bug bounty and they are thinking that we can give them some information so we thinking that it’s our responsibility to do something for our community that is awesome i’m going to spell it out for people that are listening so just to be clear it’s all written in bengali so if you don’t know bengali it will be very confusing but it’s indie i n d y skill s k i l db like database.com and if you speak at bengoli you could go and learn a whole bunch of stuff so they actually have a bunch of articles already there there are so many blogs on this planet with just one post and you already have four or five posts so i think you’re doing great for three months thank you so um so of course i have more questions so let’s say someone is you know they’re like this sounds cool i wanna i wanna take some training to try to become a bounty hunter can someone like go to university and take a course to become a bounty hunter uh honestly if i say from my experience still not i didn’t see any academical university no there is no uh and still not a not still in near future it will always consider like a freelancer so if you want to be a freelancer in bug bounty field i feel like you should be a self-learner because there are lots of lots of resources right now in internet if you are determined that okay i want to be full-time but bounty hunter you don’t have to go for any academical purpose or you don’t need to go any teacher it’s like there’s lots of resources because for me i get to learn naham say there’s a we know everyone homesick jo zobert from hackaron co-founder and i also get to know katie and i also get to know cyber mentor this is all so much famous uh uh youtuber i i really follow them and i also get to know so many things from them and especially especially i always have recommend the newcomer that please follow the twitter because when i start to follow twitter it’s like boom i get to know so many things at a time every time each and every day they are posting so many technical advance so many zero days report so many new report i mean it’s like sometimes like your bucket is so much full you get confused from which that you should that is awesome that’s good to know there’s lots of free resources um yeah there is an excellent question in the chat from muhammad so what do you think about the future of artificial intelligence and machine learning do you think it’s going to take the cyber security experts place are we in danger of losing our jobs uh it’s like a little bit diplomatic answer for me for if i talk about from a cyber security aspect no it’s not gonna take like that much that we think like dramatically movie we say i feel like that usually people when asked this type of question they’re so much fascinated with a movie that movie they are watching that yeah one day they’re gonna take each and everything and we’re gonna be lost oh my god robot gonna take everything no in real life it will take so much time it’s not gonna work i have to say i find artificial intelligence and machine learning still seems pretty confused like for instance so this summer i wanted to buy rain barrels so to collect all the water that falls when it rains so that then i can keep it for when it’s dry and then i can water my garden and so i i looked up some and then i picked the one i wanted for three months they kept trying to sell me rain barrels like i have four rain barrels why do you keep trying to sell it to me like they’re so dumb and so i’ll buy a dress and then they’ll try to sell me the same dress yes i know i look great in that thank you i already own it i should wear it today you’re right but i’m just like what are they doing like i think there’s a lot still missing with the artificial intelligence and machine learning yeah i feel like it’s not like lots of missing is i feel like the most of the artificial intelligence that work based on data so your data must be matched with this person or with this context you are working so uh sometimes i get that when i feel i also i watch some robotic videos that there’s a robotic kitchen in that kitchen if you just write down sorry press the menu then the kitchen robot hand will make it and everything for you so it’s obviously based on your data that in that person uh like that the person what he like or should she like and what she wants to eat based on this space that they created that her handy grow board so i feel like is basically based on your data you have to collect a good pretty amount of data yeah and it’s it’s hard to get high quality data and then training the model is very very expensive and then there’s just so many anomalies yeah when i’ve been watching like videos about like speakers talking about like hacking machine learning it’s usually yeah yeah they’re i just have i just have so many thoughts um but i have more i have more questions so let’s say thank you for the question muhammad thumbs up that’s a great question so what so like let’s say someone they want to become a bounty hunter and they’re following some of the videos online what types of work experience do they need to get their first bug bounty contract or job do they need to have job experience how does that work uh it’s not like that typically you need some job that we seek normally from any side or any company it’s like you need the skill rather than i can say the uh quality i can say that you need the skill because as previously i said that if you have the skill of programming if you have the skill of web and networking then it will be easier to find you the bug but for me it likes to more than seven months i was like uh hoping oh my god i wish i could buy find a bug before my birthday because when i start to work yeah i was targeting my birthday okay before my brother i should get a bounty but it was the yeah in that time i was sad but i was not disappointed because in that time i didn’t get any work you didn’t get one by your birthday i don’t know before in my birthday i didn’t get anything and but after my birthday’s two months i get my first birthday and it was 250 a dollar and i was so that’s happy no it’s not like that you need some extra quality it’s like you need you have to build up your own skill okay i like it we are approximately halfway through the podcast so i am going to thank our amazing sponsor so this is we have purple podcast but we are sponsored by threadfix powered by denim group and they are the most stupendous vulnerability management system this side of the galaxy and there are a lot of vulnerability management systems this side of the galaxy so that is an incredible claim and i have to say i really like their product so thank you threadfix for sponsoring us we really appreciate it but i have more questions for you tanya so so let’s say someone’s watching this and they’re like okay so i can follow some stuff online what type of learning path do you think someone could take to try to get into your field like is there a specific place that you feel that they should start or specific like priority maybe of order of things to focus on so that they can find bugs sooner yeah obviously there is pretty much thing that you have to follow like when you start to learn we always get to know the word of o w asp so we always know that owsp that’s the top 10 bug so uh when you start to learning back boundary it’s not like that within one or two months you’ll get to know each and every bugs no it’s not like that and even though if you like okay you know the first of all you know the broken authentication you know the exercise or you know the rc you know the only basic thing don’t try to find out each and everything at a time it’s like if you start to reading broken authentication so for me i followed that at first i start to learn excesses so for me at the pretty much more than six or seven months i just concentrate on this exercise because i feel like when you get some skill or when your hand becomes smooth with particular bug you will find some confidence from yourself okay now i know exactly this this end point so i can get to know exactly in this point if i uh upload any payload i’ll get the response so in that contest you will get some confidence don’t go for a rush each and every bugs at a time if you get to learn then just at first for the beginning only considering only one buck and try to get polish on that box then it will be easier for you that’s really good advice honestly when i was a web app pen tester i thought i had to know everything at the start and so i was always disappointed myself and yeah it’s a really good point if you’re just like are really the best at one type of bug if you’re a bug hunter then you can just go around be like found some found some found some smart okay i like this so in your um in your opinion does being a bug hunter pay well so some jobs in infosec pay lots some don’t don’t pay as much do you feel that bug hunting is a high-paying job at this moment obviously i should say it’s a pretty high because if i want to do any nine to five in four six job it could depend on my luck also on my skill also there’s a official environment so it depends so many uh options but in my back body hunter and uh profession is like if you have a good skill and if you’re working more than two or three years it gonna be take you like a position in that position if you just open any website or if you start to hacking any private site you exactly get to i mean you exactly know where you are working and what type of bug you could find so you it’s already your mind is already set so it’s very easier for me i know that how much money i can get so sometimes it’s also depend on me okay if i get if i find this book okay now i’m planning that in this four week i’ll find this this is bug and i know in this website it’s pretty much easier for me so in that contest i can say it’s pretty much higher than others uh pay at the 9-5 job would you say that also because it depends on which country you live in so for instance i live in canada and the american dollar is worth more than the canadian dollar and so when i do contracts for american companies they pay me on american dollars and i’m like would you say that that also applies too so like if in bangladesh for instance i don’t know how much their money is worth in the translation but like in my country american dollars are worth more so i always if i can want to be paid in american dollars instead of canadian dollars is it like that for you so you said you listen yeah exactly the same situation in my country because i can say yeah my experience uh well now right now i’m doing msc in uk and maximum tuition fees come from my bounty i’m being honest with you so maximum two shoes that come from my mounties so only for this i can able to do this so when in my country when i get like five hundred dollar one thousand dollar in my country’s currency is much bigger so yeah it’s pretty cool okay so that’s awesome yes um do you feel like there’s lots of opportunities in the like in the bug bounty field like there’s lots of jobs like if if someone wants to try to do it are there opportunities yeah obviously because right now this field i mean i feel like each and every generation they have a specific field which is become a eye-catching field for every generation so i feel like in this our generation infosec cyber security bug boundary is almost most eye-catching field it’s not like there’s someone thinking that okay now you’re doing freelancing it’s not so well-known job or what should we gonna say you are freelance and no no it’s not exactly it’s not like that from bug bounty i get to know pretty much so many things about infosec so when i start to do something like nine to five job it will be the same qualification they needed so i can put my qualification in my cv already which i’m doing so yeah it’s this is so much optional you can work like if you want to be a want to work in red team if you want to work in blue team or if you want to in trade intelligence there’s lots of options you can work yeah and do you feel like the experience of being like an experienced multi-year bug hunter then could potentially make you a really amazing red team or a really amazing security like long-term security researcher or perhaps like a really good penetration tester yeah obviously because uh before coming in here i was working as a red team researcher in my country there’s a company it’s called beetle cyber security and this is the one of the most renewed company in my country so in that company i was working as a red team researcher so they only they just only took me because i have a back boundary experience only for this reason they gave me that job and i worked in that office more than two i mean sorry more than one years nice few so like i i don’t know that much about bangladesh but from the outside it looks like the tech industry is like exploding there like that there’s more and more tech yeah okay so that’s what it looks like from the outside so that’s what it looks like from the inside too okay that’s good i can say that you’re in hacker run in background even in scenic in cobalt that is so much senior people from my country nice awesome okay so now a super hard question what do you like best about bug hunting like what’s your favorite part [Music] uh i want to be a little bit funny that when i get bounty it makes me happy whenever someone get bumped he is so happy it makes them so happy when i found my first vulnerability i did a happy dance yes [Laughter] uh when i get my first bounty i scream i i was screaming like a lot oh my god do you still feel really happy every time you get a bounty you’re like yes obviously because it always it likes that it’s my target i want to fill up my target i always feel like that is my target i want to achieve this target so i always feel like that and in my say feel i can say that when you start working you have to be a positive attitude that you have to accomplish this target so it will always makes you happy never take like that oh my god it’s a burden for me i can do this no no never think like that if you when you start thinking like that it’s become burdened for you yours in that there you will literally stop loving your job don’t do that always be a positive oh my gosh i i wish that you could give that advice to everyone when you think of like the duty of your job as a burden you’re gonna start hating your job that’s such a that is very wise yeah okay so i asked what you like the best what is the thing that you like the least about your job it’s like that uh there’s so many nights i spend finding nothing sometimes you’re trusted i have to be honest that sometimes you get frustrated sometimes i feel like that uh it’s nothing that day was like i didn’t get anything but at the same time i said to myself that uh even though i didn’t find anything but the amount of time i spent in this website in this contest i get to know so many technical steps which i didn’t know previously it’s like in my office there was uh there was a hector box program because in my bangladesh office you used to do cdf and hack the box because uh my boss think that it will polish your skill yeah i also believe that if you do as much as you do ctf and hack the box it will literally increase your skill so i still remember that my boss gave me a problem from hector box and it took me three days to find and to upload a show in that so i was literally frustrated oh my god i am not getting that i can’t upload the show but at the same time i also feeling the anger no i have to put the show i have to inject that shield so yeah after three days i get to do that nice that must feel just like so satisfying you’re like that’s right i’m the boss of you computer i i feel that when i finally get the thing working i’m like that’s right yeah obviously so what what makes you feel the most pride about your job so like i like i am a teacher right so like i teach people how to make secure software so when someone really gets it or they tell me oh i use this thing i learned from you and this awesome thing happened at work i’m like yes and so that makes me feel really proud what makes you feel proud like with bug hunting uh in my side it was pretty much a little bit similar because in my country now i become little bit organized senior because it’s been more than three years so sometimes i get not sometimes sorry maximum time i get so many messages so many texas they want to know this they don’t know that so still now i’m trying my best to help them and i still remember that there’s a new guy he wants to know about http injection and he don’t know anything about http so i get i provide him the information and the links and the practice that he can do and still now i can remember that he got a buck from hacker one and it was maybe a 400 or something boundary and i feel very happy for him that finally he get to know this thing and the second thing is that in my country when i start this bug boundary i was the only girl so from my office they gave me so much honor when i started working because in my office there was 18 member and i was the only girl in that red team amazing that’s awesome yeah you may not be a role model for other women oh no not like that but i want to work for my heart that it must be i mean i want to be always honest in my work that’s awesome so okay so what advice would you give someone that wants to become about hunter like male female or from bangladesh or from somewhere else what what advice do you think could help them ah but the thing is recently i also got some message from my university there’s a guy he also wants to learn back bounding i always always prefer and i always say to the newcomer that at least at first try to know what is actually bug boundary because still now i get i’m getting the message that people are confused what is actually bug bounty people always get too fascinated with so much high bounties people think that oh my god in this field you will get so much higher bounties and maybe it’s so easier now don’t go with that bounties at first try to understand what is actually bug bounty and and then don’t ever think that bug bounty is only for hacking facebook or insta or gmail because i get so many message i get so many messages about this don’t think like that and obviously try to be a good listener and at first at first try to learn something based on programming because if you have the good and basic strong of programming it will be so much easier for you and after that obviously if you want to be a web security expert then go for web if you want to be networking then go for network yeah do you do you have people write you and say hey could you hack this person for me could could you like hack into my ex boyfriend or ex-girlfriend’s account because like i was like [Laughter] like you know the guy he takes me that uh in my university he was pretty much like something that he said that i want to crack the gmail and instagram id from people and also in my countries i got so many texas that uh please could you please hack my girlfriend id could you please hack my boyfriend and i always said that please don’t talk with this stupid question with me and a little maximum i get so much angrier because there people only think that bug bounty or hacking is something only based on facebook insta no this is not yeah also we’re law abiding citizens and don’t insult us by asking us to commit crimes for you it’s not cool it’s it’s like rude right like could you imagine if you’re like hey you’re really limber will you break into this person’s house for me no who asks that but it’s like oh could you hack into this person’s accounts like no and i also said the same uh one thing to that people i said do you think that facebook instra or gmail cyber security india they’re so much full that you can make them full no man they are spending a lot of million dollars so how could you think that only i can do something and they’re already gonna be hacked no not like that yes okay so we have another question in the chat but i also want to ask everyone in the chat if you’re enjoying this conversation if you could click the thumbs up button for me and if you are listening to this if you could give us a podcast review on podcast reviews or pot there i think there’s something called podcast love there’s itunes there’s all these different places where you could review us that helps us know we’re doing a good job and if you send us a direct message on twitter we hack purple and send us your mailing address we will mail you stickers yes that’s correct i am offering bribes for reviews i don’t pretend i’m doing something else so let’s look at the question from muhammad okay so he says i have one more question cyber security experts usually rely on built in operating system tools or sometimes you have to develop one for a specific situation do you want me to read that again oh you got it no i get it yeah pretty much like that because there’s so many automated tools but in that automated tool you will get a rough estimated result but if you really want to do some practical hacking then you have to do it manually like i do because i never rely on the automated tool sometimes i want to see the rough estimated like uh in my office i sometimes we use nessus in nessus we get some rough estimated result okay in this website you will have some might be rc some might be xql or you can get some http problems but they give you a rough rough estimated but they don’t give you the specific problem that you’ll get to find out from manually because in manual when i do some brute force or sometimes when i do like want to do upload any show i have to do it manually i didn’t rely on any automated tool it even it does it not gonna work like that that we because in manually there’s so many tricks that which is created by own myself only i know how to trick them only i can apply them yeah so which i get to learn from my experience which you can get from automated tool so if you’re thinking like that okay i will upload some automated tool and i’ll hack this website no it’s not gonna work like that that is such a good way to put it too because automated tools will always miss lots of things yeah i mean it will just give you a normal result yeah rough result that okay blah blah you’ll get the 10 bucks you’ll get the 10 problems but you will get to you’ll never be a pacific like i i need to know the specific problem which will give me actually the bounty yes yes so much yes there um so i have two more questions for you and then i have to wrap up so do you do other or wait do you do other things outside of information security um that you want to share like for instance i guess we already know that you do indieskilldb.com which i’m putting on the screen underneath you but is there anything else that you want to share or raise awareness about that matters to you uh right now actually i’m doing my msc so it little bit messed up for me because it’s just only two months i moved in here and right now i’m just focusing on my study because at the same time i’m start to living alone without my family so it’s a little bit messy for me oh my gosh i must be so much yes so oh sorry yeah please no no please my last question is probably something that is on many people’s mind is if someone wants to know more about you so they can follow you on twitter at m e h i d i a a f r i n so yeah media afrin but on linkedin you have mahidia so people want to follow her there you can follow her that but add tanya but what like do you have upcoming talks or do you have anything else that you want to share with us of something that you’ve worked on and it’s okay if you don’t but like just give everyone the option uh honestly i really like to talk with you because the way is speaking and you feel me comfort before starting this interview i was a little bit nervous i was thinking that okay what should i say and in my life it is the first postcards that i’m doing so i was a little bit nervous but thank you you make me so much comfortable and it was pretty good to talk with you and you are doing really great i i was thinking that i should i i said that i was thinking that i should buy your books because they’re really doing good oh thank you so much and i should say to your audience yeah go for tania super books it’s a pretty good okay so speaking of my book i was supposed to talk about my book so i’m just putting it on the screen for a second i wrote the book called alice and bob learn application