"Hello Friend …" Textbooks teach may teach you everything, but I am sure they don't teach you that journey for corporate employee in Mumbai begins with boarding an early morning train to the suburbs . I got to experience the same today .
My journey from home lab moved to the 'Hot Seat' this morning . So yesterday the 23rd of march was a pretty regular evening for me . Until I received an email that said I have been shortlisted for the role of VAPT Intern at a major VAPT consultancy in Andheri . After so many applications finally … finally I was shortlisted . As I practice regularly , read blogs and stay updated with the current cybersecurity scene , I was pretty much confident I would do well . So I brushed up my memory and I was ready to go in the morning . I couldn't sleep until 2 am maybe it was the overthinking or maybe it was the excitement of first interview , I really don't know . Fast forward to morning , I reached the office and completed my documentation process and patiently waited for my turn . I could sense my heart racing , I literally felt my heart pumping in my chest ; the beats grew intense and I heard a voice shouting my name "Sarvesh" . It was my turn for the interview . One big mistake I did before sitting for the interview was that I did not drink water , remember folks to stay hydrated so your mouth doesn't dry up while interview .The technical round lasted 30 minutes. It wasn't just a chat; it was a stress test that moved from mid-level networking to core security logic. Here is a breakdown of what was asked:
- DHCP Process: I explained the DORA (Discovery, Offer, Request, Acknowledgement) process but learned the hard way to never forget the "A" (Acknowledge).
- OSI vs. TCP/IP Models: A classic foundational check.
- OWASP Top 10 (2025): I was asked to list the vulnerabilities and the newer additions compared to the 2021 list.
- AuthN vs. AuthZ: Authentication (Who are you?) vs. Authorization (What are you allowed to do?).
- IDOR vs. Privilege Escalation: This is where I fumbled by not trusting my gut. IDOR is the vulnerability, while Privilege Escalation is the result.
- CIA Triad: The bedrock of security — Confidentiality, Integrity, and Availability.
- Tooling: Questions on Nmap syntax (`-O` for OS scans) and Burp Suite Intruder (used for automated fuzzing and brute-forcing).
- SQL Injection: Explaining Time-based vs. Boolean-based Blind SQLi.
- Common Ports: Testing memory on SSH (22), SMB (445), FTP (21), and RDP (3389).
- The "How": How do I actually practice? (This is where my home lab and DuckyDetect project saved the day).

If there is one thing I learned, it's this: Projects speak louder than certificates. When the conversation shifted to my project, DuckyDetect — which addresses HID injection attacks — the energy in the room changed. I was feeling like the interview room was now my playground and I was ready to play, but alas …! The interview was over. I was happy with myself; keeping in mind that it was my first interview, it went pretty well. There were obvious stutters and fumbles, yet I was happy that I gave my 100 percent.

Final Thoughts for Fellow Students
- Trust Your Gut: If a technical term pops into your head, say it. Don't overthink.
- Master the Basics: You can't hack what you don't understand. Know your ports and your protocols (DORA!).
- Build Something: Your home lab is your best resume.
The hustle is real, but so is the growth. See you in the next log.