From Electrical Engineer To Security Researcher
Introduction
Working full time as an electrical engineer and consuming YouTube content in his free time, Draiakoo happened across a video discussing web3. This led to teaching himself smart contract development and security on Cyfrin Updraft and, ultimately, moonlighting as a professional security researcher on Cyfrin CodeHawks.
“Do what the 99% of people do and you will get what 99% of the people get.”
— Tony Robbins
Learn, practice, do.
I watched Clément Mijailescu’s YouTube channel regularly at one point in my life. One day Cyfrin co-founder Patrick Collins was a guest and explained what web3 is and why it is important to learn. I was intrigued by the topic already so decided to start learning it myself.
I’ve always been interested in programming but, since I didn’t study computer science, I just learned things myself when inspiration hit.
I studied electrical engineering at university and it remains my day job. I work full time at a startup creating machines to automate industrial processes. My role is designing electrical and pneumatic schemes and then organizing the workers to build circuits.
Free time is when I study web3 security and compete in smart contract auditing contests.
I did some programming while at university but web3 required a ton of computer science I knew nothing about. Turns out I really enjoy it! Learning independently gave me a certain strength to iterate through topics several times in order to understand.
Discord and Twitter/X communities do help but generally, it was me versus a problem. Armed with only my will to solve it. A key learning for life!
I began on freeCodeCamp and after some time moved to Cyfrin Updraft. The structured sections and the shorter, more accessible videos were a huge upgrade.
Updraft’s structure makes it a really great learning source because the learning curve is not too steep. Each section breaks things down into manageable chunks of lessons. There is also content that provides general context about blockchains, DeFi, security, and all the other topics you need.
I studied everything on Updraft: Solidity, blockchains, DeFi, low level opcodes, smart contract security. And I still use the platform today. I also reference Owen Thurm and Rareskills because they also do a really good job.
Since I enjoyed security the most, that’s what I specialized in.
I dug into Ethernaut’s Capture the Flags because I really liked the puzzles and the tricks you could do with smart contracts. I also learned from articles and other people’s reports.
Once I had decent knowledge I started participating in contests to learn from other people’s findings and get feedback on my work. Because I studied on Updraft, CodeHawks is the platform I chose. The feedback loop you get from this experience is exactly what you need to improve and it helped me significantly!
From there, it’s all about consistency, curiosity, iteration, self confidence, and not giving up.
I love the competition from contests and how they help me continuously improve, learn, and earn money. I’m also able to combine them with my full time job. It’s fun to push harder and harder to find the most unique vulnerabilities.
For example, in the recent Beanstalk the Finale contest I found my first solo high vulnerability. More interesting to me, though, is the non-solo high that could prevent a lot of damage. Even though it was not a solo, I was the only one that demonstrated the maximum damage possible.
Getting into blockchain development and smart contract security
If you’re going to enter the space, ignore the noise. Long term sustainability comes from creating things that solve real problems. Build simply and don’t over complexify things.
When you’re learning, get as much as you can from Cyfrin Updraft and other resources. Start with the basics: Solidity programming and Foundry, but don’t forget the advanced stuff too, like Smart Contract Security and Formal Verification. Leverage all the free learning opportunities you can.
Then, start building. Create simple versions of existing protocols and work through real developer challenges. Understand why the best smart contract security comes from the simplicity of code.
Stay current by reading articles from top-level security researchers, check out audit reports on Cyfrin Solodit, and (of course) scroll Twitter/X to know what’s happening in real-time.
Finally, be patient. Huge results don’t come in a single day. You’ll need to spend a lot of time learning, studying, working before the results come. You’ll feel miserable after your first contests. And that’s OK. Reframe your mentality to pursue knowledge, to understand, to learn. Get everything you can from the contest and use it in the next ones. Results will come.
Why you should join the smart contract security community
You can genuinely contribute to making the web3 space safer as a security researcher. It’s an amazing feeling.
It’s nice to be recognized for uncovering a critical bug in a production protocol. But the real benefit is the opportunity to save millions of dollars of user funds just by looking into smart contract code.
If we do things right, blockchain technology will be disruptive for years to come.
Companies and protocols need fresh eyes. New voices to iterate and rethink protocol architectures. To identify ways to simplify and close the windows that can be exploited.
Blockchain security really is an enjoyable path. Of course it will frustrate you sometimes, regardless of your expertise. The key is to channel those feelings in the right way and learn from the mistakes so they’re not repeated in the future.
If you’d like to follow my journey as a blockchain security researcher, follow me on Twitter/X.