My Cybersecurity Career > Cracking Code

Recently, I was at the Singapore Airshow to showcase what my firm offers in terms of cybersecurity solutions contextualised to the aviation market. Being a trade show, I was privileged to have met many different partners and stakeholders who would otherwise communicate with us typically via teleconference calls. Being the first huge trade show I…

CISSP Review: What Does it Take to Pass It?

Being my first cybersecurity management certificate, taking this differs from most of my earlier cybersecurity certifications, which focused around various skills in offensive security (penetration testing, exploit development e.t.c.) To some extent, I had to take this with a different approach — one with a stronger foundation in conceptual knowledge, and to a large extent,…

I Want to Get into Cybersecurity. But I Know Nothing. What Should I Do?

Last year, I was interviewed by the Straits Times on the future of work. But I did not predict how many people would ask me about a cybersecurity career in 2023. I was once in this position in 2016, after graduating with a Physics degree. Knowing nothing about cybersecurity, I somehow applied for one such…

Last of the Holy Trinity: The OSED

*This course review is written rather differently from others you may have read. I doubt I need to re-invent the wheel here; build on the great reviews written by folks such as Space Raccoon, nop (allegedly guilty of breaking the Offsec mail server by accident), and epi052. Rather, this review takes a slightly more philosophical…

Why Did a White Hat Read a MBA?

Several friends in different social circles had talked up the Quantic MBA since it was free. But I was a cybersecurity professional. Why did I need to read a MBA now? I decided to do it anyway, and I am glad to report I have survived. Why I Did It Perhaps the answer can be…

A Fully Understandable Description (FUD) of PEN-300

*FUD also stands for “Fully UnDetectable”, which describes malware that evades the bulk of commercially used antivirus products. PEN-300 naturally continues where PEN-200 leaves off, for more advanced techniques. After all, OSCP skills alone will not beat modern mitigations; we must try harder. What Do I Really Need Before PEN-300? There has been a trend…

A Response to “What are IT Fundamentals” in Cybersecurity

I have decided to share a post written by Naomi, a CISO, on her views on whether a cybersecurity career requires IT fundamentals. She summarises her position as follows: You don’t NEED to know networking, computer hardware, operating systems, databases, or anything deeply technical to start in cybersecurity. All you need is a high level…