Ask the Expert: Sheraz Arshad

CertiK | Aug 18, 2021

Article's Poster

Another day, another #AskTheExpert!

This week we’re dishing out a treat with an insight into a day-in-the-life of Sheraz Arshad, CertiK Security Engineer, and all-around ace guy.

Like all of our team members, Sheraz plays an essential role in the CertiK ecosystem and, by default, the security of the entire blockchain ecosystem.

Q: Why did you want to become a security engineer?

I have always had a fascination with computers since I started using them as a kid. As a teen, I liked interacting with people all over the world on Yahoo chat rooms and there I was introduced to a type of software that everyone called “booters”, which allow an attacker to bombard the victim’s computer by continuously popping up DM windows to the point where victim’s computer would hang and needed to be restarted. It was a mesmerizing experience of having the ability to shut down someone’s computer by just knowing their email. This experience drew me to the hacking and security side of software applications.

In university, the results for one of the semesters were late for some reason, without an announcement, and we would check several times a day to see if the results were updated on the university’s portal. While doing one such check, I started exploring the source page of the portal and came across an image link in the source page that contained my GPA for the current semester. The ability to find an exploit in the portal was a very intriguing experience for me.

My past fascination with the security side of software applications, a likeness for the blockchain ecosystem and Solidity language, and the fact that, as a security engineer, you get to dig deep into the working of things helped me make the decision to take on a security engineer role at CeriK. The opportunity to work with some of the smartest people in the industry made it a fulfilling experience.

Q: What does your workday look like?

  • Communicating with business development and the professional services engineers daily.
  • Performing quotes of the projects from potential future clients.
  • Performing audits of currently assigned projects.
  • Communicating with the clients about their audits, asking them questions, and answering theirs.
  • Performing the assigned reviews of audit reports.

Q: What are some of your challenges and accomplishments?

While working for one of my past employers, I was tasked, along with my colleague, with re-writing the deployment pipeline written in JavaScript to TypeScript. I did not have prior professional experience with any major strongly typed language but I was able to grasp the concepts of TypeScript over the weekend and started contributing to the project by Monday. My colleague and I both successfully ported the deployment pipeline to TypeScript.