Hacker Without a Handle


It’s rare for us to meet a hacker who is enthusiastic and confident enough to have his identity known to the world. It’s okay though, as he has the skills, talent, and certifications to back up his confidence in his ability to secure himself and those he works for. So, meet Jason Kek Jun Kai, not ladiesman217, not noobmaster69, not cobrakai84. Just Jason Kek, a 1st-year student in Ngee Ann poly pursuing a Diploma in Cybersecurity & Digital Forensics. This is one knowledgeable young man with a lot to say. Let us get to know him through his own words.

And now for the interview…

  1. First, tell us about yourself.

I'm Jason Kek Jun Kai, a year 1 student in Ngee Ann poly pursuing a Diploma in Cybersecurity & Digital Forensics. I have been actively joining local and international cybersecurity competitions and conferences since I was 13, where I get to work with other like-minded individuals and give lessons on cybersecurity, which excites me to learn more!

I also take up certifications on my own time. Most notably, I am a Certified Ethical Hacker (CEHv11), Certified SOC analyst with EC-Council, Fortinet NSE 1 & 2, and CCNA. I am doing a 5-year mentorship with IBM where I get to attend weekly workshops such as industry visits, in-depth technical skills, and workplace competency training as well as a 1-to-1 mentor to guide me through my journey in Cybersecurity.

Recently, I worked as a freelance Security Consultant and as a Cybersecurity analyst at CyberProof, one of the top MSSPs in the world, to analyze security events & alerts with various SIEMs and EDR such as Splunk, QRadar, Azure Sentinel, and SentinelOne for global customers.

 

  2. How did you start in IT and how did you get to where you are in your career today?

It's a funny story. I still remember vividly when I was 10 years old, I was playing a multiplayer online video game on my machine running Windows 7. One of the users sent a .exe file and asked us to download it to get more points! Once I downloaded the file, my computer instantly shut down. And I was like “THAT’S THE COOLEST THING EVER”.

A few years later, I was frequently bullied in primary school class for being ‘weird’ and ‘different’ and one day I decided to get back at my bullies. I created a phishing link with the title “CLICK HERE TO CHANGE YOUR FACEBOOK COLOUR” and sent it to my class group chat. Of course, I got into serious trouble after I posted colorful things on their Facebook feed and helped some of my classmates perform an ‘involuntary backup’. But that momentary feeling of ‘power’ really intrigued me on what else I can do with this ‘power’.

I did a lot of self-learning because computing wasn’t a subject when I was in primary and secondary school at that time. I joined hackathons, CTFs and IT conferences when I was 13, where I got to network with the bigger tech community in Singapore and Malaysia, which excites me to learn more!

However, academically I was doing very badly because I’m always fanatic about tech stuff and not focusing on studies.

After graduating from secondary school, I enrolled in a Cyber & Network security course at ITE College West which exposed me to the necessary skills that a Network Security associate requires in today's fast-paced digital era, such as providing technical support for servers and networks as well as performing vulnerability scanning, incident monitoring and reporting.

I was also given the opportunity to intern as a cybersecurity analyst at CyberProof, one of the top cybersecurity companies (MSSP) in the world, to analyze security incidents and alerts for organizations in critical information sectors around the world using sophisticated platforms like SIEMs and EDR such as Splunk, QRadar, Azure Sentinel, and SentinelOne.

I also take up cybersecurity certifications in my free time. Most notably, I am a Certified Ethical Hacker (CEHv11), a Certified SOC analyst with EC-Council, Certified Fortinet Network Security Expert, and I’m currently pursuing Offensive Security Certified Professional (OSCP) and Certified Network Defender (CND) and CEH practical.

At present, I am pursuing a Diploma in Cybersecurity & Digital Forensics at Ngee Ann poly and doing a 5-year mentorship with IBM specializing in Cybersecurity where I get to attend weekly workshops such as Industry visits, in-depth technical skills, and workplace competency training as well as a 1-to-1 mentor to guide me through my journey in Cybersecurity.

 

  3. What do you like the most about the cybersecurity community?

I think the cybersecurity community is the strongest community there is out there. One example of this is instead of selling zero-day exploits on the black market for millions of dollars, we give our research away for free to make the world a better place. My favorite thing about the cybersecurity community is that people are always willing to share their knowledge, especially in each domain in cybersecurity where everyone has to work together in the ecosystem to have an effective security posture. One can’t function without the other, such as in red and blue teaming.

 

  4. What do you think are the biggest cybersecurity threats we are facing right now?

I think the biggest cybersecurity threat we are facing right now is in operational technology (OT). A ransomware attack against an Alabama hospital contributed to the death of a baby in 2019. Cyberattacks on airlines can ground operations and affect a country’s economy and global supply chain. Nuclear power plants being hacked could have catastrophic consequences.

As international conflicts spill into cyberspace, it is not clear in international law if it is legal to cyberattack a hospital or to cyberattack critical infrastructures such as Aviation, Banking & Finance, Energy, Government, Healthcare, Infocomm, Land Transport, Maritime, Media, Security & Emergency Services and Water, which will cause significant harm to civilians.

  5. Do you have any advice for aspiring cybersecurity professionals? And what resources can you recommend to get them started?

First, the 5 principles of hackers by Eric Raymond.

  1. ‘The world is full of fascinating problems waiting to be solved.’ That means you need to have a strong passion and always be interested in learning new things.
  2. ‘No problem should ever have to be solved twice.’ If someone has figured the solution out, they should share it with the world.
  3. ‘Boredom and drudgery are evil.’ Hackers are always lazy, and we should always find ways to automate the boring stuff.
  4. ‘Freedom is good.’ Information and knowledge are a human right everyone should have access to.
  5. ‘Attitude is no substitute for competence.’ Becoming a hacker will take intelligence, practice, dedication, and hard work.

 

Personally, I think it is important to have both blue and red teaming skills rather than just focusing on red or blue. From my experience working as a SOC analyst, understanding various TTPs (tactics, techniques, and procedures) used by red teamers helped me triage, analyze and validate incidents far more effectively and understand the attack faster. And from the red team perspective, understanding blue team structures can enable you to obfuscate and evade detection from EDR, firewalls, IDS and IPS.

Linux is also an important skill to acquire. 96.55 of web servers in the world use Linux OS. There are tons of Linux flavors out there for free. For me, I started on Debian because Kali Linux is based on Debian, and it is awesome!

Some resources I would recommend are the HackTheBox, TryHackMe and VulnHub platforms, reading up on Microsoft Patch Tuesday documentation, following security researchers and ethical hackers on their social media, and learning through certifications like CISSP, CEH and CompTIA Security+.

 

  6. If you could give our readers one piece of advice on how to be safer online, what would it be?

Always assume zero trust with three important principles.

  1. Defense-In-Depth. Always have multiple layers of security. Usually in our houses, we have more than a door or a gate to keep us safe. The same should be applied for our cyber safety. For end users it could be enabling multi-factor authentication, and for an enterprise environment, it can be having screened subnet firewalls and EDR (endpoint detection and response) features.
  2. Minimized attack surface. We should keep our public-facing networks and information as minimal as possible.
  3. Least privilege. Only give permissions that are required.
  4. Having antivirus software on all your devices is a good practice too. If you don’t have antivirus software, using online tools like VirusTotal can help you to stay safe.

 

Thank you so much, Jason, for everything you shared with us. It would be nice to meet more talented individuals like yourself who are confident enough to venture out as themselves. You certainly have the talent, the experience and the know-how to further yourself and guide others. Speaking of guiding others, visit Jason’s website and get to know more.

