Note: This summary is AI-generated and may contain inaccuracies, errors, or omissions. If you spot any issues, please contact the site owner for corrections. Errors or omissions are unintended.
This podcast interview from LeaderSpeak’s “A Day In The Life of an Entrepreneur” series features Anant Shrivastava discussing his journey into cybersecurity, certifications, entrepreneurship, and career advice.
Guest Background
Anant Shrivastava: Contributed a huge amount of effort to NULL community, OWASP, and many more
Journey described as: “A notebook, not a playbook”
Key Topics Discussed
Journey into Cybersecurity:
2010 - The Turning Point:
Relooking at: Where am and what do next
Time frame: Kind of had two years time frame in company
Wanted to see: Where next gig could be
Anyways doing: Server admin work
Anyways defending: Systems
Thought: “Okay what is other side of equation? What else is there?”
Didn’t want: To be programmer, didn’t want to write code all throughout day - “That’s not who I am”
Jumped in: Joined company where did bunch of SOC-related activities
Log monitoring automation: Was always backbone
Lot of automation work: Went in that company also
In that process: Moved and realized “Okay yeah this sounds interesting, more challenging, more fun”
That’s kind of: Start of journey
Since 2010: Have been into information security industry
Certifications - The Spiciest Take:
CISSP is Worth Doing:
Spiciest take: CISSP is worth doing
Lot of people: Not going to agree to it - “Hey what load of crap, should not be suggesting CISSP”
Look at it: On very basic level
What is CISSP?: Tool which actually does not teach anything
But gives visibility: Into every single keyword that normal lay person needs to know about information security
For lot of job profiles: Just knowing that these keywords exist is good starting point
Compare with other certificates: Let’s say OSCP or whole OffSec category of certificates or other specialized certificates
They’re talking: About niche area, giving context into that specific area
But if want: To get one certificate which gives keywords of infosec, CISSP is the one
Security Plus: Maybe does job but no job right now has Security Plus as requirement
Lot of jobs: Have CISSP as requirement
That aside: Don’t recommend people doing certifications at all
Suggest people: Do certifications if they are becoming barrier to get through job, or do them if company is paying for them
Company’s Role:
Other quib: If company requires OSCP, find people who are good at their tech, then pay them to get OSCP
Why trying: To hunt for OSCP?
Just by changing: This narrative, can actually tap into larger pool
Obviously: Interview process have to be stringent so can identify people who are capable of it
Other thing: Current way of doing interview by asking standard set of questions, then everyone knowing those questions and repeating answers does not help
Need to be able: To identify gems in interview pool
If identified good person: Their certifications should not be barrier for them
If not having certification: Need that certification, pay them, they’ll do it
Done that countless times: Where asked employees “Hey need to show that have these many OSCPs, these many CISSPs” - who is interested in becoming one of those? People have raised hands, paid them money, gone ahead and done certifications because they were capable people
Instead of certificate fixation: That should be angle
Individual Perspective:
From individual point of view: When look at something in order to achieve certificate
Brain operates: In way that wants to achieve goal
If goal: To clear certificate, will clear certificate
If goal: To learn something, will learn something
Simplest example: Friend back in 2010 time frame, organization where working was more into networking
Cisco certified: Network architect and network admin CCNA certificates very common at that time
CCNA and then: CCNA routing and switching, then CCNP, CCSE, whole set of Cisco certified certifications
One friend: Had four years of experience in networking, sat on exam
Another friend: Fresh out of college, sat for exam
Fresher achieved: 100 out of 100
Experienced person: Achieved about 80-90, whatever was passing score, just achieved bit more than passing score
Ground reality: Person who got 100 out of 100 was not able to actually configure any of switches because did not know how actual thing works
Other person: On other hand was able to do all things in right manner but was lazy, was not in mood to write everything correctly, didn’t go through and get 100% score
Certificate scores: Not going to tell what person is capable of
Going to tell: What that person thought at that particular point in time and was able to match answer what expecting, and that’s about it
Entrepreneurship Journey:
The Hack - Under Commit, Overperform:
When comes to hack: Under commit, overperform
If able to do: 100 things, claim that able to do 70
Even if finish: 80 of them, have overperformed
That’s kind of: What need to look at
Always overestimate: Ourselves, commit based on overestimation
Instead: Under commit
Don’t commit: All things that can do
Commit part: Of things that can do
Then if able: To achieve them within time frame, have achieved it
If able to do more: Than what claimed going to do, have overachieved
One trick: That has generally helped overall
Why Start Entrepreneurship:
This not first time: Tried this
Come from background: Where father used to have workshop of own
Kind of entrepreneur gig: To be honest that had going on
Seen that: Even before joined corporate world
Seen ups: Seen downs
2008: Not most pretty years when comes to job opportunities
That’s year: Graduated, joined company
Before Diwali break: Told “Hey may be able to finish trainings but won’t be able to absorb you by December”
Christmas break: Told “Hey will be able to finish trainings, will be able to absorb some of you, not everyone, but by February you’ll all have to go back home, wait for orders, then if and when feel like need you, will call you”
2009: First attempted to do entrepreneur gig
About two months: Of planning went in
Couple of friends: Were there, all wanted to start something
At that time: Cafes were buzz everywhere in world, find lot of internet cafes
Trying to build: Some sort of automation gatekeeping setup for cafes
Things didn’t work out: Plus company offered position, started back with corporate world
2014: Again attempted another round for about one and half year as doing freelance work
Better than 2009: Because this time actually getting work, getting enough money on plate rather to level where think earned double what used to earn from corporate job in single year while doing freelancing
That kind of ended: Because one of biggest client basically said “Hey Anant you anyways spent 20 days a month with us, why don’t start paying fixed fees and save some money at end, some hassle at end, and join us as first person in company”
That’s kind of: How joined NotSoSecure
2021: Decided “Okay had enough again, another insect bite” - “Okay let’s try again”
Third round: Where trying
First round: Lasted for 3 months or so
Next: Lasted for about one and half year
2025 right now: Let’s see how long this one lasts
Lifestyle Business:
Company created: Reading about it - what call this?
Jargon: Comes up is there are two types of businesses - growth business and lifestyle business
Building right now: What call as lifestyle business
Growth business: Would hire, would accumulate number of people, angle would be year over year need to grow by X number, need to acquire more clients, need to have more work coming in, need to expand company, need to grow beyond borders, have more revenue numbers
Lifestyle business: Different approach
Entrepreneur Notebook - Mixtape:
Side A and Side B:
If had title: For entrepreneur notebook like mixtape, what would be side A and side B?
Been on both journeys: Whether corporate life, whether entrepreneurial journey, seen both phases
Especially: When talk about side where now, this third time thinking about it, spent good amount of time with it, sure it’ll go for long
What would be names: For it?
Answer: “Grass is always greener on the other side”
Landmines for Founders:
Two Things People Generally Have Problem:
People assume: Solution that have built for own problem is good enough to get people to pay for it
That is not: How world works
One angle: Trying to create solution to problem
Another angle: Someone else is willing to pay money to solve their problems
If able to crack: These two, that’s where fun begins
Again: Not everyone needs to sell things, not everyone needs to build product
Entrepreneur generally: Does not necessarily mean has to be product
Does not necessarily mean: Need to be doing something for large number of people
Entrepreneur journey: Also does not mean there is altruistic means for everything
In it for making money: Then in it for making money
What is important: There is view that everyone gets about what company is, and there is clarity that founder has on what doing
Can fool world: Let me put it this way - can fool world but should not be fooling yourself
If in it for money: If in it for growth, then be clear about it
There are ways: Which may not look good to me which are perfectly valid ways of growth, but at different junction, you at different junction
That’s kind of reason: Why keep saying it - there’s no playbook
Can’t write: Set of steps and say “Follow these steps and done” because nothing like that
Keep using phrase: “Your mileage will most definitely vary”
Use it: For any number of things - for DevSecOps pipelines, to software supply chain equations, to entrepreneur journey
Every single person: Starting in that journey, even though give same amount of money to start with, same facilities, same location, both would have different journeys
Journey: What is fun
Assuming technology is answer: “Let me shoehorn more technology into it and get things done” is not right approach
For people from IT world: Assume if able to program something, if able to create product, done
Once get into entrepreneur world: Realize “Oh so product that built was about 5% of work, remaining 95% is totally not tech”
Need to talk: To people
Need to show: Them value that is there for them, not for me
Value for other person: Is different for every individual
Time spent: In trying to convey “Hey product can actually do things better than other person” or rather “If product is taking five minutes, they giving answer in 2 minutes, both giving similar looking answers, actually doing more”
Those parts: About marketing, sales, finance, talking to VCs for that matter is entirely different ball game than writing code
Need to understand: What they’re looking for, then talk in their language
That’s what people don’t realize: “Hey have built something”
This is how put it: Open-source product or created something, put it on GitHub, bunch of people using it does not mean able to directly one-to-one map them into paid customers
Expectation of paid customer: Going to be totally different from product standpoint
From services world also: Fun thing about services industry
Personal observation: So far has been if person is paying premium, would expect premium service but would be more considerate about whatever doing
If person paying pennies: Would be more picky about where penny is going
Again prospective scenario: But feel there is value in both of them
Person who is pennywise: Can actually drive to reach point where product is optimized for people
Person paying premium: And letting do job, then come up with answer, giving confidence and trust to take answer on face value - probably giving more responsibility, that drives in direction
Whatever works: For you - if someone’s trust gives motivation, or if someone’s mistrust gives motivation, pick that, leverage that to improve outcome
Final Advice:
Two Things Every Individual Needs Clarity About:
From overall point of view: Would suggest
Jokingly said: “Grass always looks greener on other side”
What would suggest: There are two things that every individual needs to have clarity about
Why doing: What doing
If doing: Because friends are doing it, it’s okay - that’s how may want to go about
But should have clarity: That this is why doing
Don’t fool yourself: Person looking back from mirror should be confident in you and words as confident in those yourself
That’s one: Crux of all things
Key Insights:
Journey into cybersecurity started in 2010 from server admin background
CISSP is worth doing for keyword visibility, but certifications should only be done if barrier or company paying
Companies should find good people and pay them to get certifications, not hunt for certified people
Under commit, overperform - key hack for success
Third attempt at entrepreneurship (2009, 2014, 2021)
Building lifestyle business, not growth business
Two landmines: assuming solution for own problem is good enough to get paid, assuming technology is answer
Product is 5% of work, remaining 95% is marketing, sales, finance, talking to people
Need clarity on why doing what doing - don’t fool yourself
Actionable Takeaways:
Under commit, overperform - if can do 100, claim 70
Certifications only if barrier or company paying
Companies should find good people and pay for certifications
Solution for own problem ≠ solution people will pay for
Technology is 5% - rest is people, marketing, sales, finance
Need clarity on why doing what doing
Don’t fool yourself - person in mirror should be confident
Premium customers more considerate, penny customers more picky - both have value