Updates from February, 2020 Toggle Comment Threads | Keyboard Shortcuts

  • Justin Pineda 3:15 pm on February 8, 2020 Permalink | Reply
    Tags: cybersecurity career, high demand, IT security, low supply, skills gap   

    Tips and Reasons: A Career in Cybersecurity 

    Is there a career in IT Security/Cybersecurity in the Philippines? – This is the question that is always asked when I give workshops or lectures in the academe. I always answer an astounding “yes.”

    Here are the reasons why:

    • Reason #1: There is a need for cybersecurity professionals because of the increasing number of cybercrimes and data privacy issues.

    We see the news every day, from global news such as the Bangladesh Heist and the San Bernardino shooting, or high-impact news such as the Equifax data breach to local ones such as when the UST Hospital was defaced or when a Public School Teacher’s identity was stolen. No matter how big or small these issues are, a key discipline required is in cybersecurity. There will always be a need for cybersecurity professionals

    • Reason # 2: The demand for cybersecurity professionals is high while the supply is low.

    Various reputable sources say that a lot of cybersecurity roles remain unfilled. According to CSO, there were a million cybersecurity roles that remained vacant in 2014. It is also predicted that there will be 3.5 million cybersecurity jobs that will remain vacant by 2021. 

    ISACA and CyberSeek concur with these trends. At the same time, the cybersecurity unemployment rate is 0% in 2016 and is expected to remain at 0% until 2021.

    How to build your cybersecurity career?

    • Answer #1: Shape your career to be difficult to replace and high-value adding to the industry.

    This idea is not only applicable to cybersecurity but for any role in general. In the human capital matrix, the “easy to replace and low value-added” roles are sure to be automated. “Easy to replace and high value-added” can be outsourced on the other hand.

    A lot of the usual triage or customer service support is already replaced by chatbots that can trace your problem without missing any questions for diagnosis. In the same way that traditional Security Operations Centers (SOC) have matured with the help of Machine Learning (ML) and Analytics that the old Security Analyst roles have already been replaced with more proactive tasks such as threat hunting and intelligence.

    • Answer #2: Assess yourself in the following aspects: Desire, Ability, and Practicality

    I have always shared this in career talks- Desire, Ability, and Practicality are things that you have to seriously consider when choosing a career path. For cybersecurity, it is very straightforward. A lot of the roles require the cybersecurity professional to be critical, stealthy and skeptic. In the ability angle, the cybersecurity professional has to have knowledge of programming, networking and system administration to name a few. Lastly, there are so many opportunities for the cybersecurity professional that the practicality aspect is not a problem. I usually use the practicality question for those who intend to study very unique courses with little to no opportunities after graduation.

    • Answer #3: Start your career with operational roles going to management roles.

    I started my career as a Security Analyst in a Security Operations Center (SOC) in a US company that caters to more than 500 financial institutions. The work was demanding and there was so much to learn- searching for logs, communicating with clients specifically C-level executives. , classifying which alerts are true and false positives, meeting the SLA, optimizing the SIEM, conducting QA on devices, etc. Our shift back then was 12-hours long and I spent the majority of my stay there in the night shift. The work was very tiring and not advisable for the older and/or family guys. But that stint helped me boost my cybersecurity career.

    In my next work, I learned other domains in cybersecurity. I did risk management and a lot of vulnerability assessment and penetration testing (VAPT). Afterward, I moved to handle administrative tasks and became part of the management team creating programs and projects to strengthen cybersecurity in the organization.

    I strongly believe that to be a good IT security leader, you must have a solid understanding of some important domains in cybersecurity. Management training alone may not be enough because of the cybersecurity’s nature that requires you to have experience working with frameworks and tools. Although you will not be configuring the tools on your own, it will help you in your decision-making if you will buy the tool/s based on the business requirements of the organization.

    • Answer #4: Invest in education and certifications.

    I am not a fan of comparing universities and claim that one is superior to the other. I’ve met a lot of outstanding cybersecurity professionals from all over the world. Some came from the known schools while some graduated from relatively new schools. Some didn’t even finish their degrees but they are great at work.

    Obtaining a college degree is a qualification (usually first in the list) in most cybersecurity jobs. Other than a qualification, I think significant experience is a better measurement of cybersecurity mastery. Schools may try to provide the best lab for the students but it is still different in the real-world. Cyber attacks don’t have scope and limitations. They just hit and harm.

    Lastly, I personally think that certifications are important too. Aside from that, it is also a qualification, it helps you learn the body of knowledge in a standardized and systematic manner. It will also validate what you know and give you more inputs to advance your skill. I know there are different schools of thought on certifications and I agree with the important points. I even wrote a blog entry about it. But there are far more advantages to taking them to equip people with the right skills and knowledge for the job.

    You can view the IT Certification Roadmap from CompTIA for a guide and sample here.

    So what are you waiting for? Start your cybersecurity now!




    You can download my presentation slide on this topic here: A Primer on IT Security Career Privacy and Ethics v1.


  • Justin Pineda 7:42 am on March 21, 2016 Permalink | Reply  

    A Primer on Ethical Hacking & Information Security for Senior High 

    In partnership with the Admissions and Marketing office of Asia Pacific College (APC), I was invited to give a short talk on Information Security education to incoming Senior High students. Students from different schools attended the seminar.

    Slides used in the seminar can be downloaded here: A Primer on Ethical Hacking & Information Security

  • Justin Pineda 7:35 am on March 21, 2016 Permalink | Reply  

    Ethical Hacking & Information Security for PATTS faculty 

    Last Feb 25, 2016, I was invited by PATTS to give a talk for their faculty members about Ethical Hacking and Information Security. I would like to thank their VP for Academic Affairs, Engr. Lorenzo Naval and VP for Student Affairs Dr. Emelita Javier for the heartwarming accommodation in your school.

    To view my presentation for the event, you may see it here: PATTS_Ethical Hacking & Information Security

  • Justin Pineda 1:15 pm on August 11, 2015 Permalink | Reply
    Tags: , information security, patts   

    Information Security & Ethical Hacking 101 @ PATTS 

    Last July 31, 2015, I gave a talk about Information Security and Ethical basics at PATTS College of Aeronautics in Paranaque City. It was quite challenging because the audience were not familiar with IT concepts.

    I started by showing them local news about hacking data in banks. Then I established the need for the information security field. I discussed the core concepts of information security.

    I also talked about the steps in ethical hacking and the reason why it has to be conducted routinely. Lastly, I stressed the need for a cybercrime law that will protect our data handled by third-party organizations.

    The presentation I used and created can be found here: PATTS_Infosec&EthicalHacking101

    Special thanks to Prof. Diana Lachica for inviting me to their campus. 🙂

    Photo Credit: Ashley Dy

    10984111_1030960710256090_2495478400270029599_n 11145182_1030960843589410_5172429549901189908_n 11693961_1030960750256086_6222822229063846860_n 11813264_1030960723589422_614397325621181618_n 11822705_1030960820256079_7745031637066193848_n

  • Justin Pineda 6:53 am on July 1, 2015 Permalink | Reply  

    Detecting Command and Control Traffic Using Botnet Correlator Module 

    Last June 8, 2015, I presented a paper entitled “Detecting Command and Control Traffic Using Botnet Correlator Module” in Kuala Lumpur, Malaysia. The paper was a product of a project in APC together with my students in INFOSEC. The trip was entirely sponsored by the school (thank you so much!) and the experience was very unforgettable.

    Going to Kuala Lumpur

    I rode a Cebu Pacific plane going to Malaysia last Jun 7 in NAIA Terminal 3. As usual, the airport was jampacked with people. The flight was around 4 hours long and arrived at the KLIA2. I then rode an express train (20-minute train) going to the downtown KL.

    I met my former officemate in the Philippines who is already working in KL. He toured me around KL (Petronas, Jalon Alor) and brought me to the hotel, Melia Hotel.


    With Ashley Dy in front of the Petronas Towers (thanks Alfred for the picture)

    Conference Day

    It’s a good thing that the school booked in the hotel where the conference will be held. The parallel sessions started at 8am. It was my first time to present in an international conference and I was very nervous. The presenters were mostly Muslims coming from Malaysia, Indonesia, India other neighboring countries. The participants were very friendly and excited too. I met 2 other professors from the Philippines, Terry from UP-Diliman and Marylene from MUST in Mindanao.

    With Terry from UP-Diliman (leftmost ) and Ederlyn from MUST (2nd from the right) after the presentation.

    With Terry from UP-Diliman (leftmost ) and Ederlyn from MUST (2nd from the right) after the presentation.

    I attended and listened to the keynote presentation of Dr. Rozhan Mohammed Idrus who discussed about “IT Education and Its Impact to the Society.” He coined the term, “technogogy” which means blending in of technology to the teaching pedagogy. In essence, Dr. Idrus pointed out that teachers and the curriculum must be able to adapt with the technological advances in today’s world.

    My presentation was scheduled in the afternoon. The paper is an applied research on how to detect Botnet traffic in a Local Area Network (LAN) using Snort and aggregated reputable Botnet sources.

    The presentation lasted for 10 minutes. The PDF presentation can be found in this link: BCM_Presentation.

    11251047_1002485706436924_4995811343764475449_n 10622713_1002485633103598_4000319264568441150_n 11427220_1002485729770255_498091567338954458_n

    I went to fetch my girl friend in Pavillion Mall and ate dinner there. We rode Uber going to another mall outside KL called Publika.

    Last day in KL, walking around the city

    Our third and last day in Malaysia was spent in touring around the city by foot. We went to Mydin, where wholesale products are sold. We bought a lot of Cadburry and other chocolates.The place was not very classy thought. We walked to Low Yat, a technology/gadgets mall. We then walked to the KLCC area and visited Kinokuniya. We checked out then rode Uber to the train station going to KLIA2.

    Uber ride to Ritz Carlton

    Uber ride to Ritz Carlton

    Over-all experience

    I heard a lot of negative stories in Malaysia (dangerous at night, a lot of street clubs, ill-mannered taxi drivers, snatchers riding motorcycles etc.) but I haven’t experienced those stories. Maybe they have already changed? Or I’m just used to living with a similar environment in the Philippines? I don’t know. The experience was great. Their express train is very convenient and spacious. The establishments offer items both expensive and cheap depending on your budget.

    Infosec books at Kinokuniya

    Infosec books at Kinokuniya

    Since I did not want to experience the horror stories in the taxi, I always used Uber for the transpo around the area. Malaysia has more Uber cars compared to the Philippines.

    In terms of value for money, I can say your money has a big value in their country.

  • Justin Pineda 6:57 am on March 1, 2015 Permalink | Reply
    Tags: ccs week, network security, pamantasan ng lungsod ng pasig   

    Protection through Network Security 

    Last February 26, 2015, I gave a talk at the Pamantasan ng Lungsod ng Pasig for their CCS Week. It’s my first time to go there and to that part of Pasig City.

    I was very fascinated by the campus because the classrooms and facilities are state-of-the-art. Also, the CCS students were very hospitable and accommodating during my stay.

    My talk was about protecting your network through Network Security and discussed some types attacks and countermeasure. I started the talk with the latest security news on Superfish which affected Lenovo products. I also encouraged the school to participate with JISSA (Junior Information Security Systems Association) which can help the schools learn the IT trends in information security.

    You can download my presentation here: Protection through Network Security

    Photo credit to: Jhes Ter Ladera


    I really am happy! haha


    Discussing Defense-in-Depth (layers of security)


    w/ the 3rd year student organizers of the program


    Thanks for the caricature! Need to work on my exercise to achieve that weight. Beside me is Ms. Noreen Archangel, Dean of CCS.


    Superfish on Lenovo


    w/ Bernadine Bacolod, one of the lead organizers of the event


    Determine if it is a Confidentiality, Integrity or Availability issue

    1498966_10204873564230223_4517240199710062473_o 10371184_10204873577590557_2425693782663756280_o 10982595_10204873579990617_5053876611928926870_o 10991549_10204873537869564_2844852222877505467_o 11002699_10204873495268499_1573140387248946129_o

  • Justin Pineda 12:50 pm on February 5, 2015 Permalink | Reply  

    Infosec: Discipline and Opportunities at LPU Batangas 

    Last February 2, 2015, I was invited to conduct a talk during the CCS Days of Lyceum of the Philippines University (LPU) in Batangas City, Batangas. It’s a 2-hour drive from Quezon City to Batangas City with more than 100 kilometers from my place to the venue.

    What I like about Batangas City is that it’s very clean and people are very orderly. The place didn’t look much of a province at all! It looks very progressive.

    I was supposed to focus on Ethical Hacking. However, I learned that the theme was “CCS: Practicing Theories towards ASEAN Integration.” I introduced Information Security as a discipline and introduced career opportunities to students especially for those graduating ones.

    Photo credit to the student photographer of LPU-Batangas.


    With the Department Chairs, Tina & Mischelle (from left), and Dean Roselie Alday,


    With Ernesto Boydon, my colleague in APC and the second speaker.


    With Irene Balmes, my former colleague in APC

    10965543_10205887667929726_1758397814_n 10965927_10205887668009728_1338855883_n 10965467_10205887666449689_936184996_n 10966514_10205887667329711_802150987_n 10961925_10205887667649719_1207230235_nYou may download the slides of my presentation here: Information Security Discipline Opportunities

  • Justin Pineda 5:19 pm on December 21, 2014 Permalink | Reply  

    Ethical Hacking Workshop with SSS 

    Just this December, I was invited by DynamicMinds Business Solutions to conduct a 5-day Ethical Hacking Workshop in Makati. The participants in the workshop were employees of Social Security System Philippines. I followed the curriculum of the Certified Ethical Hacker by the EC-Council. We had lecture and discussion, assessment per lesson and lab exercises.

    Over all, the workshop was great! The participants were very active and the discussion was interactive.

    Photo Credit: Eden Dungca


    Lecture time.


    After the 5-day workshop, they look fulfilled!


    Remembering the OSI and the network devices.


    Lab exercise time


    Light moments during the workshop

    10402587_900822679936561_332706450880114876_n 10003894_900822529936576_8764707224670948776_n

  • Justin Pineda 2:40 pm on December 2, 2014 Permalink | Reply
    Tags: secure web application coding workshop bancnet bitshield   

    Secure Web Application Coding 

    I had a chance to give a training on Secure Web Application Coding under Bitshield Security. The company is a training and consulting center.

    The first training I conducted was on October 2012 in their office in Shaw Blvd, Mandaluyong. The focus of my talk back then was on the OWASP tools and best practices.

    The participants were relatively young and new to information security. The whole training was useful for the participants because they are developers. The good thing about it was that OWASP best practices can now be incorporated in their projects.

    (Photos courtesy of Bitshield)


    The participants look very serious. (and they know somebody’s taking their photo!) hehe

    I really like writing something on the board! haha

    I really like writing something on the board! haha


    Giving a talk all day will make you tired. I need to sit from time to time.

    531131_446288135407101_209406624_n 602456_446288015407113_1985333081_n

    The second workshop that I conducted was for Bancnet. The training was customized and focused more on secure coding and more application-based approach. I included Payment Card Industry (PCI) Standard as one of the key topics in the discussion.

    Getting to know the participants

    Getting to know the participants

    374693_513570998678814_1155381997_n 381483_513570825345498_1301883168_n 381519_513571468678767_1921722547_n

    In-house training in their office

    In-house training in their office

    935184_513569948678919_226485340_n 935212_513571542012093_1462015745_n 942278_513569702012277_95381743_n

    Demonstrating a source code analyzer from OWASP

    Demonstrating a source code analyzer from OWASP


  • Justin Pineda 8:06 am on December 1, 2014 Permalink | Reply
    Tags: cspc nabua bicol youth congress   

    4th Bicol Youth Congress in IT 

    I was invited to join and give a talk in an IT Youth Congress last November 2013. I came with my colleagues, Ernesto Boydon and Noel Anonas from Asia Pacific College (APC) Makati City, Philippines.

    The event was held in Camarines Sur Polytechnic Colleges in Nabua, Camarines Sur in the Bicol Region.

    The key points of my talk are:

    1) Define ethical hacking (specifically to answer the question: Is there such thing as ethical hacking?)

    2) Information Security as a discipline. I included this as a key point because majority of the audience are either Computer Science or Information Technology undergraduates. I wanted them to know that Infosec exists and there are a lot of career opportunities for them in the said field.

    3) The need for cybercrime law. I obviously had to emphasize the need for a “real” cyber crime law that will protect the people especially their virtual assets.

    The PDF version of my presentation can be downloaded here: 4th BYCIT Presentation

    I really enjoyed my stay in Nabua. I would like to thank the Camarines Sur Polytechnic Colleges for sponsoring my trip there!

    Speaker's profile

    Speakers Profile in the Invitation booklet for the 4th BYCIT

    A talk on Ethical Hacking

    A talk on Ethical Hacking

    Discussing reconnaissance, the first step in hacking.

Compose new post
Next post/Next comment
Previous post/Previous comment
Show/Hide comments
Go to top
Go to login
Show/Hide help
shift + esc
%d bloggers like this: