"If you really want to do something you’ll find a way. If you don’t, you’ll find an excuse." - Jim Rohn
n0kto is a self employed security researcher and CodeHawks lead judge. Once upon a time he was an engineer doing pentesting, quality assurance, and app security. Here you’ll find his story from “traditional” cybersecurity to CodeHawks smart contract auditor.
I am a deeply inquisitive person who loves learning (and laughing) about everything. Outside of work, curiosity has led me down many interesting paths from music to badminton, and movies to dance. Professionally, I have a master's degree in Computer Engineering and worked for a few years in traditional cybersecurity and software engineering. I worked on things like network security, quality assurance, pentesting, and application security.
I love cybersecurity but hate admin and paperwork. I left my last corporate job and began studying related topics like DevSecOps and GRC (Governance, Risk, and Compliance) on YouTube, Udemy, and through articles. The goal was to find a new project where my passion for deep technical work could be satisfied while avoiding paperwork.
Then, I stumbled across a YouTube video of John Hammond and Halborn discussing the Ziion Virtual Machine and got hooked on blockchain.
Though blockchain had been around for over ten years, it was still a relatively blue sky of opportunity. Lots of interesting technology and so much building to do. The industry is so complex technically, philosophically, and practically. The coding, of course; also its frameworks and applications. From cryptographics to finance, DeFi, stablecoins, social gaming, RWAs, ZK proofs, liquid restaking, etc.
Eventually, I found Cyfrin Updraft and spent the next 5-6 months, full time, studying the courses. Blockchain basics, Solidity, smart contracts, Foundry, DevSecOps, security auditing. All of them! Everything I learned about blockchain development and security auditing comes from Updraft videos. For free!
My background in cybersecurity engineering certainly helped. My studies began with a hacker mindset, technical knowledge, and experience uncovering bugs already established.
When Cyfrin CodeHawks launched I started participating in First Flights to gain practical experience, learn from others, talk to experts, and get advice. Since January 2024 I’ve been participating in real competitive audits on CodeHawks.
I’ve experienced a lot of firsts on CodeHawks: developed the first community First Flight (my first Solidity project), made my first community judgment, had my first experience as a lead judge (Mafia Takedown), and also found my first solo unique (a low).
After ten months of hard work I’m able to live and earn a living as a security researcher with the majority of my income coming from the platform. My position on the CodeHawks leaderboard also led to several large web3 organizations contacting me about working together. I’m really grateful for the trust Cyfrin CodeHawks has shown me.
Becoming a smart contract auditor is 100% attainable. Anyone can do it. Even without a technical background, Cyfrin Updraft’s courses will take you from zero to smart contract developer. The best thing is the courses are self-guided, allowing you to go at your own pace. All you need is dedication, curiosity, and a sincere interest in the work.
In terms of specifics, learn Solidity, Foundry, and Smart Contract Security on Cyfrin Updraft. Ask questions, engage the community, work through exercises and projects, and practice.
Then, start participating in CodeHawks First Flights. These are beginner friendly contests written to simulate real-world protocols. Test your skill, gain experience, and prepare you for the next level.
When you’re ready, join CodeHawks competitive audits. These are real world competitions, sponsored by some of the industry’s largest protocols.
At each stage, ask questions, ask experts for advice, and integrate into the community. Auditors are some of the kindest, most supportive people and are always willing to offer advice. Learn as much as you can from them!
Also, develop a process that works for you: how you organize your day, your work time, rest time. Which hours you dedicate to auditing, to reading, to studying, etc. A strong process is the best way to find bugs.
There is a massive need for passionate, knowledgeable people auditing code and securing protocols. As the industry scales, the need grows.
The need for security experts is growing because protocol security is a foundational requirement for the entire blockchain industry. Security (and trust) is a prerequisite for building fully decentralized systems that hope to achieve scale. Enterprises, nations, and regular people will never transition to the decentralized economy if there’s even a slight chance of getting rekt because of a random vulnerability.
In the future, organizations will train their teams to build with a ‘security by design’ mindset, creating dedicated DevSecOps teams to maintain application integrity. This shift will place security researchers at the front of all design choices and mean thousands and thousands of more jobs to fill.
Join us helping to build a safer, more secure blockchain industry! Help us find those bugs and be a part of the right team!
