Hi there! This is Jym from Singapore. I am a Principal Engineer with ST Engineering Info-Security Pte Ltd.
Things I did over the years:
- As an Intern, implemented the first multi-user WinCE encryption solution deployed for Singapore Police Force Traffic Enforcement command
- Ran a Cyber-Cafe during my early 20s & also dabbled with Software-as-a-Service for retail Food-&-Beverage outlets. Gained some experience before working...
- Knowledge transfer (from vendor's country to Singapore) & doubled-up as QA engineer who tested the first batch of E-Passport scanners deployed (& still in operations) within Singapore Immigration and Checkpoints Authority
- Bug finder for (early version of) SingPass National Authentication Hardware-Security-Module "Secured-Enclave" implementation
- High-volume data-pipeline test design & execution for a Ministry's SOC
- Delivered ST Engineering Security-Ops-Center on-time, on-target & within budget by leading tender specifications, vendor evaluation & technical leadership
- Trained interns, fresh-grads & mid-career as part of our Test-&-Evaluation team to objectively assess some state-of-the-art (then) stuff like Malware Sandboxes, Continuous Validation, Breach Simulation, Cyber-Range, UEBA, EDR, Browser-Isolation & so on that are now buzz words
- Advisor to C-Suites & PhDs colleagues
- Principal author of OpenEDR (not to be confused with Comodo Security's version with the same name) & other open-sourced tools.
Sam Poder contacted me to ask if I was keen as a mentor with CodeDay for APAC region, but unfortunately I have limited bandwidth due to family & day-job commitments. That encounter gave me an idea: why settle with "constraints" due to budget, office-space, school schedules & so on?
When we are willing to learn, we will make time & find the right resources to reach our goals.
COVID-19 pandemic showed us that we can be equally productive working & learning from anywhere other than office :D
Gitlab too! Regardless of preference, we should fully leverage all these awesome platforms. Benefits?
- Microsoft data-centers have a way better up-time than let's say a self-host git-server within a dusty old server running under a table.
- Free but scalable!
- Flexibility, we can turn
Issues
into anything by using appropriate tags. - Comments & notifications for async communications
Don't take my word for it: https://medium.com/@johnlatwc/the-githubification-of-infosec-afbdbfaad1d1
Have a look at YJ's internship: https://www.notion.so/jymcheong/YJ-s-Internship-c9c14b6f5c8e4827b8b0a9f33c499137
As a team-lead of my office's Test-&-Evaluation group, I once tasked a mid-career programmer (who was transferring to our department) to write a simple program by giving him some technical specifications.
After which, he coded the simple background/hidden app & we tested on our office laptops that were being monitored by so call "State-of-the-Art" detection manned by a team of monitoring crew. No one stopped us from "stealing" files, screenshots & key-strokes from our own laptop with his custom malware.
I taught him & my bosses a simple but important lesson; writing evasive malware is not rocket-science.
Similarly for this Virtual-Internship, I will craft a series of "Issues" for those who are willing to explore & learn in the process of solving them. I will make time to provide pointers & recommendations but don't dig my brain for free consultancy please ;P
Professionals who want to provide mini-problems for students are welcomed! Let's get in touch either here @ Github or LinkedIn.
Some jobs are expecting some form of experience. Having a Github account to show your contributions is helpful:
You don't gain work-experience from reading textbooks or online guides, you should be solving something relevant.
Networking with professionals during Internship may be useful for some companies, but showing your competency as reusable contributions could bring you bigger opportunities in a borderless world.