My Cybersecurity Journey — From CSE Student to CTF Player

I am a B.Tech Computer Engineering student at BBAU, Lucknow. My long-term goal is a fully-funded Master's in Cybersecurity abroad — DAAD, maybe. Something that once felt completely out of reach for someone like me.

This is how I am building toward it. One challenge at a time.

I Didn't Think I Was Smart Enough

I want to be honest about something most people don't say out loud.

I am a UP Board student. Growing up, I used to watch videos about software engineers and cybersecurity experts and think — these people are on a completely different level. They seemed like prodigies. People who were just born understanding computers in a way I never would.

For a long time, I convinced myself that world wasn't for me.

But something shifted. I gathered my courage and started coding. And I discovered something that genuinely surprised me — I liked it. Not just tolerated it. Actually liked it. The logic, the problem solving, the feeling when something finally works after an hour of staring at it.

And slowly a thought started forming: maybe I can do this too. You don't have to be a prodigy. You just have to be willing to keep going.

The Decision

In my second year of B.Tech, I made a decision. I was going to try cybersecurity. Not because I was ready. Not because I had a roadmap. But because I figured — if I try hard enough, consistently enough, something will click.

I started where most people start — free courses online.

• Google Skills — Introduction to Cybersecurity
• Cisco NetAcad — Introduction to Cybersecurity
• Cisco NetAcad — Networking Basics
• Cisco NetAcad — Ethical Hacking
• IBM — Web Development Fundamentals
• Tata (Forage) — Cybersecurity Virtual Internship

Each one taught me something. Each one also showed me how much I still didn't know. That feeling — of realising how vast this field is — used to intimidate me. Now I find it exciting.

Where I Am Now

Currently I am working through PicoCTF challenges on CyLab Security Academy — Carnegie Mellon University's own cybersecurity learning platform. So far I have solved 58 challenges independently.

No hints. No walkthroughs. Just me, a terminal, and enough stubbornness to figure it out.

I have completed:

• The Beginner's Guide (29 challenges)
• General Skills in CTFs (19 modules)
• Python debugging challenges — fixme1.py, fixme2.py, runner.py

I am also working through PortSwigger Web Security Academy — SQL injection labs right now — using Burp Suite to actually intercept and manipulate HTTP requests. Six months ago I didn't know what that meant. Now I am doing it.

What This Blog Will Be

Every week I will document one challenge I solved, one thing I genuinely learned, and one mistake I made along the way.

Not a polished tutorial. Not an expert guide. Just an honest record of a student figuring it out in real time — the confusion, the small wins, the moments when something finally clicks at 2am.

If you are also a student from a small city, from a state board background, wondering if this field is for people like you —

It is. I am proof that you don't need to start with every advantage. You just need to start.

I don't have all the answers yet. But I'm solving the challenges anyway.

Follow this blog for weekly CTF writeups and an honest account of building toward a cybersecurity career from scratch.

GitHub: github.com/CipherCoded-Dev