"I like hacking things, I'd just rather not go to jail" is a joke I often tell people as an answer to why I work in cybersecurity. Responsible Cyber provides plenty of opportunities to work on different aspects of this ever-evolving field, from the very technically oriented offensive security stuff such as penetration tests or phishing simulations, to the more high-level notions about risk quantification, etc.
When I was in high school, I developed a keen interest in IT, computers and cybersecurity, so much so that I even started programming on my calculator. When I moved to Singapore to finish my studies, I met Magda, who offered me a part-time role as a Developer on IMMUNE and cybersecurity consultant for our customers at Responsible Cyber while I attended university.
Before you can "hack" something, or evaluate whether it is working correctly, you need to know how it works in and out, so you are able to pinpoint what makes it insecure.
Over the years as an offensive cybersecurity consultant, I’d like to think I have acquired quite some degree of working knowledge about some relatively niche topics in security and cloud, and this has been critical to the success of our various engagements with customers.
There’s definitely the personal satisfaction I get from seeing what I worked on being deployed and actually used by customers. Today, I can go onto the platform and say "Hey, I coded that functionality!" How many people can say that?
Then there’s also “reward” in the knowledge that we are fighting the good fight, which is a rarity in today’s world. We’re not simply a company for profit; we are building something that truly helps our customers be more secure.
Whenever I read about the devastating impact that cyber attacks have on formal institutions like schools and hospitals, I’m reminded of the significance of our work. It reinforces my belief in the importance of our efforts in the cybersecurity domain, and motivates me to continue contributing to the field.
Getting to know things. When I started, I only knew the very basics of cloud: setting up a virtual machine on AWS with a few firewall rules. Figuring out the technology while having to deliver professional-grade results was surely the toughest challenge I’ve faced. I believe I overcame it the best way there is: I got my hands dirty, tried things out and made mistakes (and still do).
The culture at RCPL is extremely supportive in that we are always encouraged to pick up new skills and obtain certifications in relevant fields. Thus far, the company has supported me in my pursuit of all three of my certifications: OSEP, OSCP & SSCP.
We do good work. We aspire to make the digital world a better and safer place, and our pursuits extend far beyond the pursuit of profit. In fact, we support the vast majority of Women on Cyber’s initiatives to empower and equip women in cybersecurity to achieve their full potential.
Previously, we used to be heavily reliant on third-party products to perform phishing simulations for our customers. However, as an offensive security specialist, I always found these products lacking: yes, they allowed us to send simulated phishing emails and get statistics about how many people clicked or opened them, but they were lacking for the following reasons:
• Email templates were limited, and they looked bad – any slightly motivated threat actor could come up with better-looking and/or more convincing phishing emails
• Additional features such as setting up fake login pages or using fake malicious attachments were not always supported, and they usually cost an arm and a leg
Therefore, I decided to set up and develop our own phishing infrastructure. This reduced our overhead cost exponentially whilst increasing the quality of the service delivered to our clients.
Without sugarcoating things, work can be demanding – regular progress is expected. However, everyone on the team is also very supportive and we’re all more than happy to help and answer any questions or resolve any doubts on anything at any time.
I've been reading a lot recently (or so I’d like to say but I just picked up my first book in 3 years). Things I actually do enjoy are stuff like going to the movies, playing escape games, Netflix, and… doing nothing honestly.