Tips From A Professional Hacker: Breaking Into Cybersecurity

By Diyanah Syafiqah

Now as a cybersecurity consultant at KPMG Services Singapore, he thrives in protecting his client's infrastructure and application security solutions. He dishes out tips on this highly sought-after profession.

What does a day of work for a cybersecurity consultant typically entail?
As a cybersecurity consultant, every day is different and more challenging than yesterday. We are usually working on multiple client engagements, attending on-site and online meetings or performing fieldwork in a datacentre that includes breaking or ‘hacking' into our clients' systems. The objective is to find out if they are prone to attacks before the ‘bad guys' do.

A huge part of our work day is spent on performing such tests and helping our clients solve their IT security-related problems by recommending realistic and sustainable solutions. It's a very dynamic career which makes every work day very exciting!

So what is a cybersecurity consultant not?
We're definitely not secret spies or black hat hackers, also known as the ‘bad guys', who are looking to spy and steal secrets from others.

Most of us are not your typical geeks or nerds, as opposed to the popular misconception. In fact, this industry has produced some of the most creative individuals like Tsutomu Shimomura and Jeff Moss, just to name a few. They have played a vital role in shaping the Information Security industry into what it is today.

Also, contrary to what is portrayed in Hollywood movies, we're unable to hack into anyone's personal devices or social media accounts at the tap of the keyboard! In fact, as per the FireEye Mandiant M-Trends 2020 Report, the attackers are in the victim network for a global average of 56 days before they are detected. So, it is safe to say that hacking is definitely not black magic!

How has the SIM-University of Wollongong programme prepared you for your role?
A vast majority of the vulnerabilities in IT stems from insecure coding practices. In order to change this and build secure applications or systems, there is a need for developers who can code efficiently and securely. The programme provides comprehensive hands-on training for this.

It has also strengthened my basic principles, allowing me to gain new skills and concepts in my armoury.

For aspiring consultants looking for their first job, what key tips would you give?
For your first job, I would advise to remain open to any opportunity which allows you to learn more and not earn more. Graduate programmes are a good start as they ease you into the career as you pick up professional skills.

Besides keeping your resume and CV concise, it's great to include side projects, internships, weekend jobs or external certifications related to cybersecurity. There are various organisations like Offensive Security, CREST, GIAC, which offer basic to advanced professional certifications. These certifications are viewed on par with Masters' and PhD degrees. Hence, I would advise graduates to start taking them up early in their careers. It's certainly a testament of your prowess in the field.

Now that I'm interested in cybersecurity, how do I get a head start?
Meet people and network with your teammates, classmates and course mates; you'll never know if any of your connections could open a door to an opportunity of a lifetime. I was recommended for my current role by a fellow course mate whom I had worked with during my university days.

But the most important thing is to find your true calling. If you're inclined towards building a secure system, learning secure coding skills is what you might want to invest your time in. If you want to break into systems, Capture-the-Flag competitions and hackathons would be a good start. Hack The Box and VulnHub machines provide a sandbox environment to practice your hacking skills.

Always remember that in the field of Information Security, what you learn in your own time or after office hours will help you in your career progression. Information Security is a lifelong journey and not just a career!

Is a career in cybersecurity for you? Check out the SIM-University of Wollongong Bachelor of Computer Science (Digital Systems Security) programme for a head start. Explore other IT and Computer Science programmes offered by SIM GE here.