Nicolas Astor, aka "Nastor," has been a part of Cobalt's Core since December 2020. He recently graduated from Valencia College with a degree in Computer Technology and Software Development. He started as an intern for Splunk after graduation and is now a Product Manager there. We talked with Nastor about his time at Cobalt and how he has changed since joining the Core.
How did you get into pentesting?
I got into pentesting because of my love for CTFs. I loved doing CTFs because it felt like the ultimate jigsaw puzzle with a little bit of competition mixed in. Pentesting, to me, is like the ultimate CTF. I believe there is always a vulnerability somewhere; it’s just about finding it and solving that puzzle. I think platforms like HackTheBox and TryHackMe really gamified the process and drove my passion for pentesting even further.
When did you start doing CTFs, and how did you get started doing that?
I started doing CTFs in college. I was part of the Cyber Security Club, and we regularly participated in competitions. I had so much fun that I began doing them on my own. I started with the National Cyber League competition and moved on to others like the PicoCTF, SANS Cyber Fast Track, and more.
What led you to Cobalt?
Cobalt originally approached me, but I had already heard about Cobalt before that. PTaaS was a really interesting approach to pentesting, and after reading more about the company, I was hooked. They can provide quality pentests, foster a community, and provide flexibility to their workforce. What’s not to love?
How has PTaaS been different from other pentesting work you have done?
I think PTaaS is different because it allows you to work with the customers in real time. You can communicate and collaborate within the platform. That way, if any critical vulnerabilities are found, the client can know right away. Additionally, it’s not just different from reporting the most critical vulnerabilities; it lets the client know what is happening at every step.
What was your first engagement like?
Nerve-wracking. Just like any first day on the job is. But I had a great team lead mentor me through the process. I could slow down, stick to the fundamentals, and make a great first test. I even got some pretty interesting findings.
What have you learned since working with Cobalt?
I learned to slow down and be methodical. Scanning and enumerating are key. Get as much information as possible. These are some of the basic foundations of pentesting, but in my time at Cobalt, those were the keys to success. You work with a lot of big companies with big scopes. I think another major thing that I learned was working with stakeholders. At Cobalt, you work directly with stakeholders providing updates, clarifying goals, and more. I have understood the client’s perspective better since working with Cobalt.
Where do you go to learn? What resources do you use?
I use a lot of the classic resources: HackTheBox, TryHackMe, CTFs, Discord servers, social media influencers, etc. One resource I used quite a bit, however, was Cobalt’s community. The team leads I have interacted with were not just there to lead the pentest but also helped grow my skillset as a penetration tester.
How have you seen Cobalt change since you first started?
I have seen the number of pentests dramatically increase. I have seen the team grow. I have seen the company grow as a whole. I have also seen the platform itself get many great updates as well.
How have you changed since you first started at Cobalt?
I have become a better penetration tester. At the risk of sounding repetitive, being around the talent in the Cobalt community has taught me many things, such as the obvious pentesting, stakeholder management, and more.
What would you tell someone interested in joining the Core?
If you’re looking to start a career with a great community and are ready to learn, look no further.
How can someone be successful in the Core?
Someone can be successful in the Core by leveraging the resources and community around them. You'll do great in the Core if you’re committed to learning and becoming a better pentester.
Anything else to add?
I have loved my time with Cobalt and am looking forward to growing more with the company.