University of Waikato Master of Cyber Security student Michael Tsai is a professional hacker. He spends his days trolling client systems, searching for weak spots in IT systems; the places where cyber attackers can enter and create mayhem in the online world of business.
Michael describes himself as a “white hat hacker”, one of the good guys, as opposed to “black hat hackers” or cyber criminals that are becoming increasingly known in New Zealand for holding businesses to ransom once they do manage to infiltrate IT systems.
Since graduating with a Bachelor of Computing and Mathematical Science from Waikato, and completing his Masters’ dissertation, Michael has been working for Wellington based IT security company, ZX Security.
Within his first two months working at ZX Security, Michael found a major vulnerability in a large Content Management System (CMS).
“We had a client that had come to us to have their website tested for vulnerabilities. I found a cross site scripting vulnerability after some research,” says Michael.
The cross site scripting issue meant that if a cyber attacker sent an email with a malicious link to the website administrator, and they clicked on it, the attacker could gain access and total control of the website.
“We initially thought the vulnerability was site specific, but it turned out to be the entire CMS system, so anyone that was using that CMS for their website was vulnerable to this attack.”
The vulnerability was raised with the CMS provider, was fixed immediately and is no longer an issue.
It was Michael’s first zero-day vulnerability, a type of vulnerability that has never been found (or publically disclosed) by a cyber security consultant previously.
“There was definitely a real sense of achievement in that one,” says Michael.
Cybersecurity is a growing industry in New Zealand. Cyberattacks, once more prominent overseas, are becoming more common in New Zealand and are making headlines around the world. Attacks like the recent ransomware attack on the Waikato DHB computer system, or attacks in 2020 on the New Zealand Stock Exchange are becoming more regular in New Zealand, says Michael.
“It’s an industry that is constantly changing and I like that no two days are the same,” says Michael.
“You are always learning on the job and there is always a real sense of achievement when you find vulnerabilities in a clients’ systems and are able to help them mitigate the issues.”
His time at Waikato prepared him well for working in the industry, he says, and he chose Waikato after moving from Taiwan.
“I really enjoyed my time at Waikato, the papers offered were very good and the lecturers and labs really provided the fundamentals in Computer Science.”
Michael was also employed to manage the University’s career services IT during his time studying which was his first entry into the workplace.
“I would definitely recommend Waikato for anyone interested in studying cyber security, it is a great programme,” says Michael.