By Vara Prasad Bandaru
Earlier this year, I successfully completed my internship at Trail of Bits and secured a full-time position as a Blockchain Security Analyst.
This post is not intended to be a technical description of the work I did during my internship. Rather, it is intended to describe my general experience as a Trail of Bits intern. I hope that reading about my experience will motivate others to apply for future internships at Trail of Bits.
First, I will introduce myself and give some background on my technical expertise. Then, I will explain the application and interview processes and describe some of the work I did during my time as an intern (spoiler alert: I worked on Tealer, a static analyzer for Algorand smart contracts!). Finally, I’ll provide a list of takeaways that I would have wanted to know when I applied and a few things I liked about interning at Trail of Bits.
Who am I?
I’m in my final year of my bachelor’s program in computer science at RGUKT Nuzvid, a tier 3 college in India. Before my internship at Trail of Bits in the winter of 2021, I didn’t have much industry experience other than completing one computer science project (Monkey Interpreter, a Python rewrite of a Golang implementation) and competing in capture-the-flag (CTF) competitions. I began competing in CTFs near the end of the first year of my bachelor’s program (and still do on the weekends) under the username S3v3ru5.
I mainly concentrated on cryptography-related challenges, my strongest category, when I first started competing in CTFs. But around August of 2021, I began participating in blockchain-related challenges to gain experience in this technology that everyone is talking about. I was able to complete an easy Solana blockchain challenge in the ALLES CTF and all of the Ethereum blockchain challenges in the Ethernaut CTF, a web3/Solidity-based war game. I began this work only about a month and a half before I applied for my internship at Trail of Bits. As you can see, I didn’t have much blockchain experience beforehand.
It was through my work on these CTFs that I became familiar with Trail of Bits. I would always see Trail of Bits in the sponsors section of the CTFs I competed in, and I still remember solving a challenge presented by Trail of Bits in one of the CSAW finals. I always referred to (and still do) the Trail of Bits CTF guide and blog posts, especially “ECDSA: Handle with Care.”
Applying for the internship
As I was approaching the end of 2021, I started looking into cybersecurity internships, mainly those related to cryptography (my strong suit) and blockchain (my most recent area of interest). There were very few internships that both related to my interests and would accept a bachelor’s student who had no prior experience other than competing in CTFs and who hadn’t completed many projects. But I did remember that Trail of Bits is a top cybersecurity research and consulting firm that values CTFs, emphasizes self-learning, and gives people chances.
I decided to look into Trail of Bits’s open roles and discovered the winternship program. These interns work on a Trail of Bits project, or even on their own security-related projects, under the guidance of a mentor. The internship is paid and takes place over the winter break to give students and new security engineers real industry experience and an opportunity to write a publication for their resumes. An internship at Trail of Bits could even lead to an offer for a full-time role.
I wasn’t working on any projects at the time I applied for the internship, so I decided to apply for a few of the available Trail of Bits projects that seemed interesting to me. First, I applied to two projects that would allow me to gain more experience with blockchain technology: Manticore, a symbolic execution tool developed by Trail of Bits for analyzing Ethereum smart contracts and Linux ELF binaries, and a project researching the Solana blockchain. Both Ethereum and Solana are blockchains I’m technically familiar with, so I thought those projects would be a good fit. However, I later decided to apply to work on Tealer, a static analyzer for code written in Teal, an assembly-like language used in the Algorand blockchain. Even though I didn’t have experience with static analysis or the Algorand blockchain, Tealer was both a relatively small and new project: I knew that I could easily read through the source code to get my feet wet and that my work on this project could form the basis for future work. Finally, the application procedure was the same for all three projects, so I thought, “why not?”
I was invited to an initial 30-minute phone screen to discuss both Manticore and Tealer. It was my first interview, so I was a little nervous, but the Trail of Bits engineer I interviewed with, Felipe Manzano (who later became one of my mentors), made the experience enjoyable and stress-free. It felt more like a casual conversation with a friend about the work and my experience and interests. After that, we had another five-minute call to discuss the internship start date, the place of work, and other onboarding information. I received the offer letter later that day: I was selected to work on Tealer, the project I was hesitant to apply for.
I was surprised by this interview process. It was entirely different from many of my friends’ experiences interviewing with other companies. My interview was easy and better than most in every way for an internship role.
Preparing for the internship
As I prepared for my first internship, I realized that I was not familiar with many of the tools and concepts that I would be working with. For example, I hadn’t worked with the Algorand blockchain or static analysis tools, and I wasn’t very experienced in Git or GitHub. I was worried that I was going to fail in my internship if I didn’t put in the effort to learn these tools and concepts before my internship started.
My internship was supposed to start on December 13, 2021, so I started my preparation on the first day of December. I read through various resources to learn about static analysis, the Algorand blockchain, Git, and GitHub during the first 10 days of December. I was able to see the results of my preparation when I found issues in Tealer’s parsing of Teal code compared to the developer docs, even before the start of my internship!
During the internship
Because of the level of preparation I did before my start date, I was able to start my work on Tealer on my first day. During my internship, I accomplished the following:
- Fixed Teal code parsing issues in Tealer
- Identified and fixed errors in CFG construction
- Added three new vulnerability detectors and three new printers to Tealer
- Added documentation to most of Tealer’s code, making it easier to read and understand
I really liked working on Tealer, and my internship overall was an excellent experience. All my work was open for review and merged after approval. I received very good feedback and help whenever I was stuck. I was able to be involved in active discussions about the tool. And receiving an offer for a full-time position because of my performance in the internship made my experience even better.
Tips and takeaways
I’d like to offer some tips to prospective interns that I wish I had heard before my internship. Now that I have first-hand experience with a Trail of Bits internship, I can speak to how true these tips really are.
- It’s OK if you don’t meet all the requirements of an internship that you’re applying for. There’s nothing wrong with applying. I was hesitant to apply to work on Tealer, but in the end, it worked out very well for me.
- You don’t have to know everything you need to know for the internship you’re applying for. The point of an internship is to gain experience and to learn new things. Also, employers don’t look for people who already know everything (no one does) but for people who can learn and gain the required knowledge if given enough time.
- Always ask for and take suggestions when in doubt.
- Always seek help from your mentors. You don’t have to figure out everything by yourself, and nobody expects you to. Mentors are more experienced, have more knowledge, and are there to help their interns.
- For those who are non-native English speakers, as I am, don’t stress if you are not fluent in English. As long as your coworkers can understand what you’re trying to communicate, it’s OK if you’re not very fluent or make mistakes. Of course, it’s a great idea to improve your communication skills in the long term, but never let your current level in English stop you from applying to internships.
Why apply for the Trail of Bits internship?
I can’t say enough good things about my experience interning at Trail of Bits. From the stress-free interview process, to my ability to participate in active discussions about the project, to the direct merging of my work, it was a great experience. In short, I was an intern, but I felt like a full-time employee. Still, here are some highlights from my internship:
- I was given the freedom to work on the tool the way I wanted. I was never told not to do something as long as what I wanted to do improved the tool and worked toward the goal.
- I didn’t have any restrictions on what time I worked or how long I worked for. There were days when I couldn’t make much progress on the project, as generally happens with me when I start working on something new, but I had the freedom to work at my own pace.
- Finally, the biggest highlight of my internship was when Dan, the Trail of Bits CEO, sent a small message over Slack appreciating my work. I didn’t think I would feel this way when I read similar stories from other interns, but I really felt proud. I still remember showing that message to some of my friends.
A heartfelt thanks
I’d like to thank Felipe Manzano and Josselin Feist for giving me free rein over the project and making my first internship an extraordinary learning experience. Also, thank you to Trail of Bits for extending the offer to join the company full-time after my studies. This internship couldn’t have been any better, and I am hoping for a similar experience in my full-time role.
One thing I wanted to change while writing this blog post is the use of the word “I.” Using “I” makes it feel like this experience was solely mine. This isn’t true: this story could have easily been yours. Make sure to look out for the next open internships at Trail of Bits and have your own extraordinary experience.