Having earned $ 3 million by providing a service to steal users' identities before being arrested by the US Secret Service in 2013 and sentenced to 7 years in prison, Ngo Minh Hieu (aka Hieu PC) is still improving. Create yourself to pay for the mistake.
The US government once described Hieu PC as "one of the most notorious thieves ever pardoned in a federal prison". Working in cybersecurity, often dealing with sensitive data and facing many temptations, Hieu PC thinks about his days in prison and is steadfast on his journey to become a cybersecurity expert and help the community.
Hieu PC is finishing a book that collects diary entries about his days in the US - which reminds him to start over to become an expert, not a cybercriminal. In a conversation with Dan Tri , Hieu PC first shared stories about the cybersecurity industry.
s network security currently a "hot" profession? Can you reveal what it means to be a cybersecurity expert specifically?
- Cybersecurity is really a "hot" industry in the field of information technology, which is interested by many young people and interested in Vietnamese and international organizations, companies, corporations as well as the world.
When it comes to network security, people often have a vague feeling because it has high security, but in fact this is a very broad industry. It is a small segment of the information technology industry, but there are also many sub-categories in the industry. Specifically, it is possible to research, find security holes, investigate digitally, protect network systems, warn of security holes...
So is this an industry with a "terrible" salary?
- In Vietnam, usually a cybersecurity expert has a salary of 10-40 million VND/month. For those who just graduated, it is about 10-20 million VND. For people with 3-5 years of experience, the salary will be from 3,000 USD/month (equivalent to more than 71 million VND). Those with high salaries often work in cybersecurity in the financial sector, manage cybersecurity risks, provide troubleshooting procedures, etc.
Are the above numbers just a hard salary, and does a cybersecurity expert have a level of "earn in, earn out" that others don't know about?
- Exactly. Cybersecurity professionals who can find security holes can earn $10,000-20,000 per month.
Large corporations like Microsoft or Apple can be paid bonuses up to $50,000-100,000, with payouts up to several hundred thousand dollars or even several million dollars.
With vulnerabilities on the blockchain platform, if discovered, you can be rewarded with a lot of money.
However, in Vietnam, the number of people who receive a large payout is only counted on the fingers, mainly leading experts, reputable in the cyber security environment.
Technology changes every day, do cybersecurity professionals have to learn a lot?
- Technology is updated daily, hourly, all hacks are related to technology, hacking techniques are constantly changing, so we always have to update news through social networking platforms. such as Twitter, Telegram, Linkedin... to grasp the cybersecurity situation, and at the same time consolidate knowledge.
Such a high salary, a large amount of work, many people are curious about so much money, when do you spend it?
We are human too, there are times and times . I also have to spend time. I also often spend weekends with my family and live a normal life.
Cybersecurity work is not just sitting still. Wherever there is a computer, work can be done. If there is no wifi there, you can still use 4G. Cybersecurity professionals always find a way to solve problems.
As you said online scams happen every day, no one can predict what will happen tomorrow, is this a non-KPI job?
- Yes, work and study are balanced and done every day. No system is safe. We work every day and have a simple goal of helping society as much as we can.
Cybersecurity is a profession that sometimes has to think about the community more than the individual, have you ever lost your connection with the people around you?
- Not really. In fact, I find that thanks to my profession, I connect with people more. I still keep sensitive information, and those who need help are always ready to create a connection with them. Many people who are not tech-savvy, especially the elderly, give them a networking opportunity.
Working at the National Cyber Security and Monitoring Center also has many interesting "missions", but due to the nature of the work, it is not possible to share more at the moment.
By industry group, in your opinion, which group receives the most reports about security holes? Previously, he shared with Dan Tri receiving dozens of emails reflecting bank fraud every day.
- Banks and financial institutions are the industries most frequently attacked by hackers, not only directly but also in the direction of customers. They create many ways to steal information, accounts.
In fact, banks in Vietnam have a good level of security, professional investment in the model of foreign countries, especially those interested in digital transformation. They also have a cybersecurity defense system, a cybersecurity monitoring room, and a team of experts in digital forensics and vulnerability research.
But no matter how big the investment, there are always loopholes. Hackers don't leave anyone out.
What about businesses in general?
- Depending on the size of the business, often businesses with large data sources about customers will invest a lot in technology and network security. Small and medium enterprises in Vietnam have not paid much attention, they still underestimate the protection and defense of the system.
A survey by the Vietnam Information Security Association with 147 units and enterprises in 2022 shows that 65% of organizations have a ratio of investment funds for information security below 5% of the total investment capital for information security. Information Technology. In your opinion, is this investment level enough to be safe?
A large enterprise should invest more in technology, 5% in my opinion is less. Large corporations should invest in technology and network security from 10-15% of the total investment capital.
Not every business with a lot of money can avoid network security risks?
- Exactly. No business can keep a system 100% secure. They have to invest in many things, from people to technology systems, not to mention regularly re-evaluating the system.
Vulnerabilities always exist. Just because everything is safe today doesn't mean it will be tomorrow. The investment is also not only in money but also in knowledge for employees to know what cybersecurity situations they need to avoid. Those who are not cybersecurity experts should also regularly learn to protect their own companies.
People and technology, in your opinion, which factor is more important?
- People. Humans give birth to technology, so a large corporation invests in good technology, good security, but to take advantage of the loose human factor, it can be hacked through that way. Recently, Uber's system has been attacked by hackers, partly because employees are subjective in the situation of being attacked even though the company itself is technologically fine.