White hat hackers are people who play a key role in ensuring information security for companies or organizations. Excellent people in this field are being sought after by companies and organizations working in the field of cybersecurity or wishing to ensure information security in the world as well as in Vietnam.
How do you see the white hat hacker force in Vietnam now?
Personally, I think the information security industry in Vietnam is still narrow and growing in both quantity and quality of personnel. White hat hackers are people who work in information security and network security, most of which are young people who have graduated from universities training in information security and information technology. However, the outstanding is not much and the good people tend to go abroad more than stay in Vietnam to work and contribute. The number of white hat hackers has not yet met the recruitment demand in Vietnam.
Compared to Southeast Asia, Asia and the world, if you look at it objectively, in your opinion, where does the white hat hacker force of Vietnam stand in terms of quality and quantity?
To compare the position of Vietnamese white hat hackers, it is difficult to say because there are many factors to consider. However, based on the results of competitions like Student at ATTTcompetitions CTF, drills in the ASEAN region and in the world that I have followed and known, Vietnamese white hat hackers are also very good and have a top position in the region. The number may not be much, but the people I know in the industry are all top-ranked in the world in areas such as vulnerability research, bug bounty, malware analysis, software decompile, and are known and followed by many international friends.
A year ago, he was rated by Bugcrowd, the world’s largest security vulnerability search platform, at the top of the platform’s rankings in June 2021. What does it mean to be rated at the top of this ranking?
In short and easy to understand, Bugcrowd or Hackerone are bug bounty platforms, where security researchers, vulnerability hunters can report vulnerabilities they find to companies and corporations around the world and get themselves rewards and rankings on platforms. Each vulnerability that you report to the platform will have a fixed score based on how severe the vulnerability’s exploit is or less.
With Bugcrowd, they give a monthly rating based on the total score for all the vulnerabilities you report (report) during that month that are considered valid and have been awarded; on the Hackerone platform will rank quarterly and by country. To be on the rankings, you have to be the one to find the most vulnerabilities in the programs, thereby getting a lot of points to compete with thousands of other hackers on the platform.
I am fortunate to have had a number of months in the top rankings of the Bugcrowd platform and am currently in the top 50 hackers of the platform full time, as well as many quarters achieving the title of MVP (most valuable expert) of the platform. Thanks to that, I have been invited to some major Hacking events of this platform, but competing with other white hat hackers in the world is quite difficult when they have a lot of experience and outstanding skills. Because on these bug bounty platforms neither age nor gender matters. There are teenage white hat hackers in the world who are very good, even better than many university graduates in information security.
What are the prominent security holes that you have discovered in the past time?
Up to now, it has been 2 and a half years since I entered this path after graduating from university. There are many security holes I have found and reported to companies and organizations that it is difficult to remember them all. However, I am interested and interested in security vulnerabilities affecting the server side.
The last time in February, I discovered a series of security holes in Amazon systems and I am ranked 1st on Amazon’s white hat hacker honor. I have reported many critical vulnerabilities to more than 100 large companies and organizations around the world such as Fortune Global 500 companies.
In Vietnam, I do not actively search for security holes of companies and organizations due to legal issues. However, in the process of extensive scanning online, I discovered some serious vulnerabilities of many large banks and companies in Vietnam and tried to report the vulnerability as quickly as possible to the company’s security focal point. The early detection of these vulnerabilities helps prevent hacked systems from taking control from bad actors, ensuring information security for those companies and organizations.
The position of white hat hackers is increasingly appreciated by the world. Has Vietnam trained in-depth stories to “train” white hat hackers?
Many universities are promoting the training of students in information security because the number of outputs in the right industry is still very low, not meeting the general recruitment demand. However, in order to become a true white-hat hacker, it is not enough to study in school, but students need to have a passion for the profession, perseverance and practice good skills when entering the path of becoming a white-hat hacker. It is extremely necessary for intensive training in cybersecurity companies with good environment, in-depth and methodical training, to create conditions for self-development, and to find bright gems in the industry.
What about your path to the job of a white hat hacker?
I come to this job from the first passion and practice every day. When I was a high school student, I went to internet cafes to mess around with things that other people didn’t understand and then crashed their computers. At that time, I didn’t really understand what I was doing, later I found out that people in the industry called it script kiddle.
When I went to university and was led by the seniors in the school, I found myself more interested in this job and constantly accumulating experience and knowledge day by day even as a new student. In my 3rd year of university, I applied for an internship at the place where my journey to becoming a white hat hacker started and where I am currently working.
The first security holes I found on Oracle’s major ERP product. And that was the first milestone on my conquest journey.
How do you predict the development of the white hat hacker force in Vietnam in the near future? What advice do you have for young people who want to follow this path?
With the rapid development of technology in the 4.0 era, I realize that information security or white hat hacker is an extremely “hot” industry and needs more personnel. Especially generation Z (born from 1997 to 2012 – NV) are called those who play a key role in this 4.0 era and have early access to technology that helps arouse passion and curiosity. The younger generation is getting better and better than their predecessors, but they need to be led and trained in a good direction. There are many good people, but because they are not trained well, leading to the wrong path, not keeping the morality, becoming a cybercriminal, black hat hacker doing bad things is extremely unfortunate.
I myself have witnessed many good people go down the wrong path and lose their future. Therefore, as a pioneer, I advise young people who are thinking of becoming a white-hat hacker to constantly keep the fire of passion, practice well in both professional skills and a healthy and ethical lifestyle. Because it’s important to become a white hat hacker that you have to keep your sanity, keep quiet, keep secrets in this job; Because there are many temptations when you have your hands on sensitive data, confidential information of companies or organizations or you can become rich in minutes with the security holes that you find causing high financial impact.