Cyber Security in 7 weeks

Why you should read further?

• Jon started with zero experience, got spotted & hired by DSTA towards tail end of internship while contesting in their Capture-the-Flag event.

• Choong Mun & Wen Siang created this explainer video: https://www.youtube.com/watch?v=FNpro0vE3dU towards tail-end, got calls for interviews very quickly

• Even my 1st year undergrad Intern YJ was able to share his in-depth journey during COVID lock-down, we had a blast working from home: https://jymcheong.notion.site/YJ-s-Internship-c9c14b6f5c8e4827b8b0a9f33c499137 His posts are well received on LinkedIn, don’t think he has problem getting hired!

Are my “materials” good enough?

1. As Intern (2003), I developed the 1st multi-user WinCE Singapore Police Force Traffic Enforcement app (that’s way before things like iOS & Android) & augmented native mail app to enforce multi-user AES storage encryption.

2. Knowledge-Transfer of 1st batch of Singapore ICA (immigration) passport scanners was pioneered by me. I also pioneered the product development of > 50% cost-effective versions of such multi-illumination optical scanners that are deployed in ALL money changers in Singapore.

3. Created the first ICAO PKI LDS verification SDK used by Immigration hand-held devices based on WinCE.

4. Early generation of SingPass (national authentication system) root cause analysis to trace very obscure issues through the use of visual source-code analysis, in < 1 week of joining ex-company. It was troubleshooting secure codes within Hardware Security Module enclaves.

5. Product development & patent of a virtual printer driver that cut down the time to deliver service-value from months to days. I also designed & implemented self-service software licensing sub-systems to encourage adoption of optical security solutions.

6. Delivered ST Engineering Cyber Security Operations Center on time & within budget (a few million SGD). As technical lead, I drafted Tender Technical Specifications, managed Product Testing & Vendor short-listing, project delivery … to co-development of detection use-cases along side with HPE Security consultants, & as advisor to various business stake-holders. Before that, I was deeply involved with other government SOCs to learn various pain-points, in-depth understanding of what works & what doesn’t.

7. Test & Evaluation of cutting edge startups. Grew a team of fresh hire & mid-career engineers to evaluate product categories that are now buzz-words. We tested cutting edge stuff (then) to understand strengths & weaknesses. Things like Malware Sandboxes, Remote-Browsers, Continous Validation, Cyber-Range Automation, Endpoint Detection & Response, User Endpoint Behaviorial Analytics & the likes.

Getting Started (2 weeks)

• The whole point of this profession is Risk Management (←click to read)!

• What are the Necessary & Sufficient Conditions of Attacks? Why bother? All conditions met → high risks!

• ALL logical attacks are based on:
• Adversary-in-the-Middle (intercept data, steal identity or session... impacts confidentiality) &/or
• Code-Execution (exert remote control over assets or blast/encrypt it till system dies/ unusable; integrity of system questionable, availability is lost)

• First hand experience of Attack-Surface - Spot & stop Linux SSH brute-force!

• Code-Execution 101
• What is it? How to spot it? Get acquainted with Windows EventLog & Sysmon
• Be the attacker (my 1st year undergrad Intern’s adventure, have a look)!
• Disrupt PE file-based malware with ETW

Rethink & Revamp (2 weeks - Working on it)

• Attack Detection vs Disruption

• Goodbye Passwords!

• Where are your perimeters?

• Disrupting Code-Execution

For Developers (3 weeks - Coming soon)

• Develop Ransomware protection agent

• Develop event linking & process attribution with Graph Database

• Defensible Architectures - Distributed . Immutable . Ephemeral system design properties