As the saying goes, do what you love and you won’t ever have to work a day in your life.
Bryan Phee was a first-year Engineering Science undergraduate when he entered his first capture-the-flag (CTF) cybersecurity competition.
CTF competitions require participants to pit their skills against each other in a battle to complete a challenge or as many challenges as possible within a given amount of time.
“The nature of these CTFs is to use one’s knowledge, resourcefulness and all sorts of creative ways to hunt for flags that are hidden,” shared Phee.
Although he did not win his first challenge, he was hooked.
“It’s like playing detective,” said Phee of what draws him to such competitions, which he has continued to play even after graduation.
Through the competitions, Phee was drawn into the arena of cyber security which inspired him to pursue his further studies and career in the field.
“It started off purely out of interest but reading more about the field of cybersecurity and learning more about its importance made me want to dive deeper into it as a career.”
That impetus drove him to pursue a Masters in Electrical and Computer Engineering at Carnegie Mellon University and from there, he landed a job at Centre for Strategic Infocomm Technologies (CSIT) as a cybersecurity engineer, a position he has held for the past two years.
CTFs and mobile security threats
“There are really tough CTFs that even Cybersecurity professionals find challenging,” said Phee.
One such CTF is the annual TISC (The InfoSecurity Challenge) organised by CSIT which will be held from Aug. 26 to Sep. 11.
Sharing more about TISC, Phee said, “The whole competition is made up of multiple challenges in increasing order of difficulty. These challenges cover a range of Cybersecurity topics such as Web Pen-testing, Forensics, Reverse Engineering and Mobile Security, just to name a few.”
One of the levels is a challenge on Mobile Security which Phee helped to create.
“Mobile security is something that affects most of us, and yet, not many people really understand enough about it.”
Besides transitioning from competitor to creator, another highlight of Phee’s job at CSIT is that he is able to “play” with all the latest mobile devices — the word ‘play’ being a pseudonym in Phee’s world for conducting research into the security features of the devices.
The aim? To uncover hidden dangers that could harm users or even threaten the security of our nation.
The aspect of reverse engineering is what pique’s Phee’s interest the most.
Much like why he loves participating in CTFs, the thrill, as he puts it, is being able to “look under the hood” of systems and devices to understand their vulnerabilities.
“It’s kind of like a puzzle, like if [the system] says it is doing something, what else is it doing?”
Common cybersecurity concerns
Naturally, working in the field of cybersecurity also means Phee is the default IT helpdesk in his family.
And one of the most common issues they consult him on has to be suspicious-looking emails.
“My family will sometimes get spam and phishing emails. If they find something fishy, they’ll come and ask me for my opinion,” said Phee.
The “rule of thumb” according to Phee, is to always be wary and err on the side of caution as phishing attacks are “quite common these days”.
Phee reckons it’s among the three largest threats that people face today, the other two being ransomware and identity theft.
Loss of life due to cyber security lapses
In fact, a ransomware attack on a German hospital in 2020 left one of the deepest impressions on Phee.
What made the case harrowing is that a patient was reported to have died as a result of the disruption to emergency services, causing her treatment to be delayed.
While it was eventually determined by investigators that the hackers were not directly responsible for the 78-year-old woman’s death, German police, however, warned that it was only going to be a matter of time before cyber attacks lead to tragic consequences.
“Why [the case] really struck me is that we tend to think of cybersecurity problems as having financial consequences. But never really something like a loss of life,” Phee shared.
Phee hopes that through CTFs like TISC, more people would appreciate the importance of cyber security and the work of those in the field.
“I feel like cyber security is a very fascinating field where you get to work and grow with super talented and passionate people,” remarked Phee.
And even if one doesn’t win, there are still many positive takeaways from CTFs.
Said Phee: “The good thing is, after the competition, a lot of these winners will share their thoughts and strategies in arriving at their objectives.
“So to me, it is a great opportunity to understand how others think, learn something new, and improve my skills.”
TISC (The InfoSecurity Challenge) is an annual online challenge organised by the Centre for Strategic Infocomm Technologies.
It provides opportunities for interested Singaporeans to put their cybersecurity and programming skills to the test by solving challenging puzzles against the clock.
For a taste of last year’s toughest challenge, check this out.
TISC 2022 will be held from Aug. 26 to Sep. 11 and registration remains open till Sep. 11.
Register now at https://go.gov.sg/tisc2022.
This article is sponsored by CSIT.