On 3rd January 2013, Singapore Polytechnic Information Systems Audit and Control Association Student Group (SP-ISACA) held its first ever ISACA Day at the newly opened Cyber Wargame Centre in SP. During this event, professionals from the field of Information Security (InfoSec) were invited to share about a wide range of topics, ranging from various know-hows in their line of expertise to their personal experiences in the field. In addition to the sharing session, the event also included the prize presentation for DISM’s first ever CTF (DISM CTF-X) and a workshop on Privilege Escalation, which was conducted by student trainers from SP-ISACA.
The event started off on a lively note, as many eager attendees gathered in the premises of the Cyber Wargame Centre in anticipation of the events to follow. To put things into context, the day started off with Mr Jamal Sheik, Director of Program (Seminar) of the ISACA Singapore Chapter giving introduction of ISACA to the attendees of the event. Mr Sheik went into great detail to explain the philosophy behind such an organisation, what they hoped to achieve, and also touched on some of the events organised by them. In addition, he also highlighted the existence of the ISACA Student Group which is branch of ISACA which caters to its student members. Besides covering the benefits entitled to members of the ISACA Student Group, he went on to mention the key idea behind forming such a group – to form a network of students, allowing them learn from each other beyond the confines of a classroom. The contents of Mr Sheik’s speech clearly resonated with the interests of a number of student attendees as quite a number of students proceeded to the membership booth and signed up as students members througout the entire course of the event.
Following the speech by Mr Sheik was a sharing on the “Success Factors on Information Systems Audit” by Mr Ho Shee Yan, Head of Audit at the Accounting & Corporate Regulatory Authority Singapore. Possessing many years of experience as a professional in the auditing scene, Mr Ho shared about the nature of his job and the demands of those who choose to undertake this
profession. Additionally, he brought up some of his know-hows of the profession, covering certain dos and don’ts in the field. This proved to be valuable information to a majority of the student attendees as it was closely related to one of the modules covered in their course. For the others, it served as an enriching food for thought, especially those aspiring to become information system auditors in the future.
The next sharing was conducted by Mr Huynh Thien Tam, Manager of Security Assessment Advisory at KPMG Singapore. During his segment, Mr Hyunh gave a detailed account of his days as a penetration tester and highlighted some of the many aspects of the job which he enjoys. He also brought up some of his achievements which ranged from fruitful participation in several security technology competitions to the discovery of multiple zero day vulnerabilities with his team later in his career. As he spoke about his conquests, much of the crowd was intrigued as they witnessed a story about how a simple passion of his led to the successful career he has today.
Though the end of Mr Huynh’s session marked the end of the sharing sessions for the day, there were still a number of activities to come. To thank all the speakers for the invaluable knowledge they imparted to the attendees, Mr Liew Chin Chuan, the course manager for DISM presented them with tokens of appreciation. Following this, it was now time to present the prizes for the DISM CTF-X Season – a CTF competition co-organised by the SP-ISACA Student Group and DISM Special Interest Group. As the names of the winners were called out, their faces brimmed with joy as the proceeded to collect their well-deserved prizes which were presented to them by none other than DMIT’s Director Ms Georgina Phua. To conclude the session, Mr Sheik then presented a plaque to the SP-ISACA Student Group to thank them for all the hard work in organising this enriching event.
After a session of refreshments and a lucky draw session, it was time for the second segment of the day – the privilege escalation workshop. Although there were not a very large crowd who stayed behind for this workshop, those that remained were extremely eager to pick up anything they could gain from the session, which was organized and conducted by SP-ISACA student instructors. Through the mentorship of the two knowledgeable trainers, attendees were guided through the privilege challenges from Nebula, a virtual machine which can be found at expoilt-exercises.com. The small class size played to our advantage as the session was carried out very smoothly, thus it was both a fun and enriching experience for all the attendees of the workshop.
All in all, ISACA Day 2013 was of utmost success. It could be seen that many of the students thoroughly enjoyed the session and had a valuable learning experience. Hopefully, such an event could be carried out for the many years to come.
Pictures captured by Dixon Soo, dedicated photographer for ISACA Day @ SP
Coverage adapted based on write-up by Nikolas Tay, ISACA student member