Parth Shridhar Naik BTU Cottbus-Senftenberg

Cyber Security (M.Sc.)

Statement Of Purpose

In today’s world of the Internet, there is a significant increase in the types of devices that can be
connected to the Internet. This has eventually led to a rise in the number of targets for Cyber-attackers
who exploit the vulnerabilities in the systems they attack. These attacks are not only restricted to
individual people, but also to large organizations and sometimes even to the government. For an
organization, compromising privacy and confidentiality of information may lead to consequences like
identity theft, reputational loss and financial damage, which is why it is crucial to maintain a strong
security posture. Over the course of my academic and brief professional journey, I have realized the
potential and the importance of securing Information because of which I decided to pursue a Master’s
degree in Cyber Security at BTU Cottbus-Senftenberg to strengthen my knowledge of this technical field
and provide me necessary skills to advance further in the world of Cyber Security.

The curiosity of how computers work internally, contributed to my decision in pursuing Bachelor of
Engineering in Computer. During this 4 year undergraduate program, I got an opportunity to gain in-depth
knowledge of the core subjects of Computer Engineering like Operating System, Computer Organization
and Architecture, Computer Networks, Database Management System and Data Structures and
Algorithms. I understood how the computer stores data, allocates memory while performing certain tasks,
how the Internet works and communication takes place between networks using protocols, what factors
determine the architecture to be used, what data structure must be used to optimize the algorithm. A
solid understanding of these subjects created a foundation for me to grasp more advanced concepts of
the Security domain when I attended the lectures of Information and Cyber Security subject. This was the
first time I got an overview of the Cyber Security field. I developed a great understanding of the Network
Security terminologies, Data Encryption techniques like Cryptography and Ciphers, different types of
keys, Digital Signatures, IP Security, Web Security, Email Security and Firewall types and Architecture.
While working on my final year group project of implementing a Web Application of an Automated
System to predict tags for the question asked by the user in StackOverflow, which is an online Question
and Answer platform, I got great hands-on experience with Natural Language Processing. Later on I
used the Bag Of Words technique of NLP to create a simple project to detect Spam Emails.

After completing my undergraduate course, I joined LTIMindtree (erstwhile Mindtree) as a Software

Engineer to gain some IT industry experience. Where I was trained on JAVA, Spring Boot, Hibernate,
Angular, and some cloud technologies like Docker and Kubernetes. Here I got to work on Mulesoft where
I was involved majorly in developing, managing, deploying and securing Mule API’s. From a security
perspective I was involved in creating a Secure Configuration Properties file for encrypting the
configuration properties stored in a YAML configuration file or a Spring-formatted file, configuring TLS to
provide communication security to Mule apps and using OAuth Grant types to grant and validate tokens
to access a secured resource. These security encounters contributed me to deep dive into more
technical concepts.

Next big step was completing Google Cybersecurity Professional certification which solved my problem
of finding the precise content to study in the Cyber domain and directing me on the right path. It helped
me to understand different security frameworks and controls, CISSP’s 8 security domains, OWASP
security principles, Linux, Network Protocol Analysers (packet sniffers), Intrusion Detection System(IDS)
and Intrusion Prevention System (IPS), and SIEM tools like Splunk and Chronicle. While completing this
certification I worked on a few projects and set up some of these tools in a virtual environment to get
more hands-on experience. I first started by converting my theoretical computer network concepts into
practical implementation by implementing a Secure Campus Area Network System consisting of various
departments and 2 Campuses using Cisco Packet Tracer, a network simulation tool. The main objective
of the project was to setup the firewalls for both main and brand campuses to enhance network security
and Configure IPsec VPN to ensure secure communication between them. Also ensured each
department is equipped with a Wireless Access Point all centrally managed by a Wireless LAN
Controller, performed basic configurations on network devices like Switches and end devices like PC’s,
Laptops and Printers. Utilized subnetting techniques for each network group and configured multilayer
switch for inter-VLAN routing thus enabling devices in both campuses and all departments to
communicate with one another. By using Simulation mode in this Cisco tool, I was able to observe how
the data packets traveled across the network helping me in troubleshooting. My interest in cryptography
and math behind the algorithms fueled me to make a Secure Encryption Algorithm project where I
implemented Caesar’s Cypher, RSA and DHK from scratch using python.

I obtained a decent understanding of packet sniffers by capturing and analyzing data traffic on my home
network. Using Wireshark I applied basic filters on these packet capture (p-cap) files like protocols and
ports. Similar to this I used command line based Tcpdump to capture data packets, where I applied
options and used expressions on commands to filter network traffic. Packet sniffing helped me to learn
basic network troubleshooting by examining packets. I also gained a brief idea of static and dynamic
malware analysis after setting up a Malware Analysis Lab using FlareVM in Windows 10 Operating
System hosted on a virtual machine. From this I learned how to examine the functionality and potential
impact of the malware sample. Further, I installed SURICATA (IDS/IPS) on Ubuntu hosted on VMWare.
Knowing the importance of Rules/Signatures in IDS/IPS, I went through many pre-written rules and also
played around them creating some custom rules to improve my understanding about them. To gain some
real-time experience using a SIEM tool, I installed Wazuh on an Ubuntu machine hosted on VMWare
which acted as a server and added 1 Ubuntu and 1 Windows 11 Wazuh agent on VMWare. I performed
some activities like installing random softwares on Windows agent, trying to make system configurations
on Ubuntu agent and many more. The Wazuh server machine collected and analyzed the log data
received from the Wazuh agent machines and displayed it on the Wazuh dashboard. It displayed the
vulnerabilities present in some of the randomly installed softwares. I believe that this will aid in my active
contributions to the graduate program as I am exposed to these tools at a basic level.

Seeking a master’s degree in Cybersecurity would be a great step further to enhance my knowledge.
Upon researching thoroughly, I have chosen to pursue graduate studies at BTU Cottbus-Senftenberg
because being one of the top universities focusing on engineering, it is also one of the few universities
offering M.Sc. in Cyber Security in English Language with affordable on-campus living. The university’s
strong course content and infrastructure will provide me the right platform for my learning aspirations.
Modules that appeared to be of great interest to me include Network and System Security and
Cryptography and apart from that, the computer science electives offered will help me in the long run by
diversifying my knowledge spectrum. Along with that it would be a great opportunity for me to be a part of
BTU’s Chair of IT Security’s Capture-The-Flag (CTF) club, where I can learn different things in the Cyber
field from a great student community and participate in CTF’s, thus enhancing my experience. Studying
and working under the guidance of Prof. Dr.-Ing. Andriy Panchenko would hugely help me to gain
expertise in Network Security.

Soon after my Master's I aim to work as a Cyber Security Engineer building new detections or improve
the current detections and achieve my long term goal of becoming a Security Architect in the industry,
researching, planning and designing robust security structures to maintain the Security Posture of an
organization. With the aim of gaining more knowledge and focusing on my career goals in the long run, I
am applying to this program that will surely help me to achieve the same.

Parth Shridhar Naik