My first assignment seemed straightforward on paper, but the reality was different. Before I could even begin testing, I had to properly set up my workstation. That alone took me a couple of days configuring tools, aligning environments, making sure everything was ready for proper testing. It was already a reminder that in real-world cybersecurity, setup is just as important as execution.

Then came my first major blocker SSL pinning on the mobile application. I couldn’t intercept traffic, which meant I couldn’t properly analyze requests or identify vulnerabilities. At that moment, I felt stuck. I tried different approaches, researched multiple techniques, and tested several methods, but nothing seemed to work initially. It was frustrating because I knew what needed to be done, but I couldn’t get past that barrier.

At that point, I had to reach out and learn from others who had faced similar challenges. With guidance from experienced people in the field, I was eventually able to bypass the SSL pinning. That small breakthrough gave me confidence but it didn’t last long. The next challenge came immediately: setting up my testing tools properly. Android Studio, HTTP Toolkit, and of course Burp Suite all needed to work together seamlessly. And this was happening while I had deadlines to meet, bugs to find, and reports to submit. The pressure was building.

I spent hours trying to get traffic to intercept correctly, but nothing worked as expected. It reached a point where everything I tried felt useless. Imagine knowing what the end goal is, but every step you take seems to lead nowhere that was exactly how it felt. To push through, I joined a Google Meet session with my boss, and we spent almost 8 hours troubleshooting the issues together. We tested configurations, reviewed setups, and explored different possibilities. Even after all that time, I still had pending tasks waiting for me. The pressure didn’t reduce if anything, it increased.

Then came an unexpected solution: switching to MEmu emulator.

The challenge? I had never used MEmu before. So it meant learning and setting up an entirely new environment from scratch again. Installing it, configuring the network, setting up certificates, making sure Burp Suite could properly intercept traffic it was another process on its own.

But this time, something changed. Step by step, things started to align. I was able to install the certificate correctly, route traffic through Burp Suite, and finally I started seeing intercepted requests. That moment felt different. Not just because it worked, but because of everything it took to get there. I was finally able to intercept and modify requests successfully using Burp Suite, and at that point, I could actually begin the real testing work.

What this entire experience taught me goes beyond tools or techniques.

You can have knowledge. You can even have experience maybe 70% or 80% of what the role requires. But when you hit a real blocker, none of that matters if you don’t know how to think through the problem.

I learned that problem-solving in cybersecurity requires patience, persistence, and the ability to stay calm under pressure. Most importantly, I learned the value of giving yourself time to think even when deadlines are tight and pressure is high.

Because the truth is, when you don’t pause to think, you end up doing more work but making less progress. And in a field like this, that can cost you both time and results. Sometimes, the difference between being stuck and finding a solution isn’t more effort it’s clearer thinking.

That experience reminded me that cybersecurity is not just a technical skill. It’s a mindset.