How Does a Cybersecurity Engineer Work with XMind?
Harsh Bothra is enthusiastic about cybersecurity, and he also shares his findings, guides, and security vulnerabilities on his blog.
He started mind mapping a year ago, and XMind has become part of his cybersecurity journey. We could feel his passion and meticulousness when talking to him. Read on to find out his story behind cybersecurity, his testing process, and his ways of mind mapping.
Tell us a bit more about yourself.
I am Harsh Bothra, a cybersecurity enthusiast and continuous learning advocate.
I primarily work as a Security Consultant at RedHunt Labs, and I assess applications & infrastructure for security vulnerabilities. Apart from that, I am one of the Core Pentesters at Cobalt. I participate in various bug bounty programs on Bugcrowd, Synack and other platforms, and am ranked under the Top 160 Researchers on Bugcrowd's all-time leaderboard.
I also actively blog about various security vulnerabilities, exciting findings and how-to guides. Previously, I have authored two books on hacking, focusing on beginners. One of my books has been previously recommended by NITTR-Chandigarh & AICTE (Govt. of India bodies). I hold 60+ Hall of Fames from various companies and have tested over 250+ applications. I love to talk about multiple cybersecurity topics and have carried out many sessions related to cybersecurity, Ethical Hacking & Application Security.
How did you develop your cybersecurity career?
My career started with the publication of my first book back in 2016, and I used to lead the OWASP-Jaipur chapter. Before that, I used to pursue cybersecurity as a domain of interest. Later, I started my startup, which I ran for a couple of years while completing my bachelor's.
In the year 2019, I started my first job as a Security Engineer at Security Innovation. Finally, during the lockdown period in 2020, I started exploring various domains such as bug bounty, freelance pen-testing, blogging and public speaking. It was all very fascinating and rewarding, and thus I decided to work on this more dedicatedly.
Why did you choose XMind, and how long have you been mind mapping with us?
While working on various targets during my Bug Bounty process, managing the targets and process was a very tedious task, and I used to rely upon pen and paper to create flow charts and mind maps.
Back in early 2020, I started to look for options that would allow me to develop digital mind maps, and among all the software I tried, I loved the simplicity "XMind" has to offer. The process is straightforward, and multiple sharing options made it my favorite mind mapping tool. It's been one and a half years since I started using XMind for all my mind mapping.
What do you usually mind map for?
I use XMind for creating mind maps about various things. However, most of the public mind maps that I share are checklists and processes one can follow while working in cybersecurity.
Apart from that, I use XMind for planning various personal tasks, creating processes around them; sometimes, I develop mind maps for fun as they are colorful and cool, aren't they?
Since you've tested different products of different systems, do you mind sharing with us the workflow on this?
Testing different environments always comes with challenges; no two applications or products are the same. Every time, we need to brainstorm and understand the application's core functionalities, logic and various workflows. The usual process to test any application goes through multiple rounds such as:
- Project Scoping - What needs to be assessed.
- Resource Allocation - Who will be working?
- Reconnaissance - Involves the initial phase focused on gathering information and building an attack surface.
- Enumeration - Extended part of Reconnaissance, allowing us to utilize the information gathered to find something fruitful.
- Automated Scans - Running automated tools and scripts.
- Manual Testing - Involves manual efforts on assessing the security of a system.
- Reporting - Documenting the whole process and findings.
- Remediation - This is taken care of by the application owner/client to remediate the issues.
Now, a mind map is really helpful when we assess a complex application and need to draw multiple scenarios and workflows to understand what is happening on a particular action and how multiple modules are interconnected, and it gives us good visibility. This visibility enables us to sometimes find really cool security issues.
What about projects/tasks? How do you break them down?
I regularly use XMind for creating processes around various projects and tasks I have. For example, if I am working on a new blog idea, I use XMind to create a timeline-based mind map to identify what to do and how to go about it. Similarly, if I am working on a Penetration Testing project or a Bug Bounty program, I use it to perform a simple threat modeling and functional mapping for my reference.
XMind has the best things to offer that I need in my day to day mind mapping tool. It has been effortless to use the software, and without any doubt, the process went smooth.
I have created more than 70 mind maps for my private use related to various projects, ideas, and fun. I have also shared many public mind maps, and the plan is to share more of them soon.
We've just had the biggest update of the year. What's your favorite feature in this update?
XMind is really full of fantastic features, and so far from all the features that I have explored, some of my favorite ones are:
I liked the new Skeleton feature. You can easily switch between different skeletons, and that's super cool.
Thanks to the new Pitch Mode, I can now turn my mind map into an excellent presentation instead of moving around it manually with a mousepad.
Lastly, adding the images to the mind map also enabled me to make a more effective mind map, especially when I am working on some unique ideas.
Anything else you would love to share?
I am pleased with the work the XMind team is putting in behind the scenes to make it very easy-to-use and friendly software. I strongly recommend this tool to mind map lovers. Thank you, XMind team, for the simple yet effective tool.