The Singapore ISACA Student Groups (TP, SP, NYP) came together on the Saturday, 30th March 2013 for a Joint Institute of Higher Learning (IHL) event themed “Road to InfoSec Professional (Learning Journey)” at Singapore Management University (SMU).
Firstly, Mr Tong Seng Chee, the director of Academic Outreach ISACA (Singapore Chapter) shared about how the organizing committee took 4-5 months to organize this event, wishing that the future generations would continue organizing it. There are a total of 3 ISACA student groups that are recognized in Singapore out of 16 ISACA student groups worldwide. Mr Tong encourages the participants to “Never say no”. Take up the challenges and opportunities and that the key thing is not what you know but the resources that you can find.
Next, Mr Lenoard Ong, the president of ISACA (Singapore Chapter) shared his story on how he started working from network security to project management. Mr Ong shared that “A good mix of technical skills and soft skills will be beneficial for your career” stating that companies can do a lot more with security such as iBanking.
Thirdly, Mr Ryan, a penetration tester in security.assessment.com. Mr Ryan shared his experience as an intern system administrator, moving to an IT administrator before being a penetration tester in Singapore. He has various experiences working in Indonesia, Thailand, Japan, Singapore and New Zealand.
Last but not least, Mr Teh KaiWen shared his experience in TP where he took up IT security which is an advantage as he learnt both programming and security. He joined ISACA Student Group (TP) during his junior year and became the president in his senior year.
After a short break, Lightning talks were given by the different students from the different student groups. Firstly, Nicholas started the lightning talk by presenting on Infocomm Security, the approach to learning how different exploits work by using a bottom up approach. Next, Jeremy continued the lightning talk by presenting on “Bypassing Python Sandbox Security”. After Jeremy, Wee Kiat continued by looking at binary from a different way, “File Type Binary Data Visualisation”.
Next, Verbena Ong and Gerald Quek from TP shared about the “Facebook Forensic Toolkit v2.0”. Originally created by Teh KaiWen, the 2nd version of Facebook Forensic Toolkit includes a graph and word cloud generator that can be used to help the SPF narrow down suspects for a crime. After the “Facebook Forensic Toolkit v2.0” talk, Lim XiuMei, Tan Heng Yeow and Tan Chuan Yang from TP shared about the “Cold Boot Project” which was used to obtain the memory of the RAM and compare the rate of decay before an image is totally lost on the RAM.
After the sharing by TP students, Yong Xiang from NYP shared about password auditing. Technology advances and password auditing has moved on to cloud cracking where the hash must be submitted online. Yong Xiang shared that the complexity of a password is much more important as compared to the length of the password.
Last but not least, Choon Heng from SP shared about social engineering. It is easier to get password by knowing the person as mentioned by Choon Heng. One example is whereby the security questions that are usually used to reset or change password, “Who is your best childhood friend?”. According to Choon Heng, you can get close to that person and just ask the answer straight. One thing that the divisor engineers have is confidence. Common techniques such as familiarity exploit and creating a hostile situation can be used. Lastly, using the advantage of human tendency to trust, it is easy to obtain any password from a person.
After the lightning talks by the students from different schools, Mr Tong end off the event by sharing that new exploits are generated everyday so even if the IT students have graduated, they can still continue learning in order to counter these exploits.