Retrenched at 54, Alvin Koh learned to be a white hat hacker from scratch and now gets paid to uncover security loopholes for his clients

It is tough to lose your job when you are in your 50s – especially when you are drawing a cushy pay check with a multi-national corporation. That’s what happened to the 55-year-old, who was laid off last year after 17 years as a systems engineer with a multinational technology company. Instead of wallowing in self-pity, Alvin took the setback in his stride and did some serious thinking about what to do next with his life.

“Many possibilities ran through my head, from starting a restaurant to looking for a similar position with another company, as well as learning new skills from scratch,” recalled Alvin. But he did not want to continue being a database or systems engineer, a tech profession he had been in for over 30 years.

“I was realistic about my chances of getting back into the similar sector, enjoying the same benefits as before. I decided that this was a great opportunity and the right time to try something new, to re-discover new meaning in my career,” said Alvin. He set his mind on cybersecurity, an area of practice that had always intrigued him. He was particularly interested in penetration testing, a branch of cybersecurity where the security professional tests the robustness of computer systems by simulating attacks to breach their security, to uncover security chinks that need fixing.

Even though he had a bachelor’s degree in computer science and over 30 years of IT experience, cybersecurity was a whole new ball game that required specific certification before anyone would hire him to be a penetration tester.

While mulling over his options, Alvin decided to visit a job fair. He walked around the exhibition booths and was attracted to one which had brochures about offensive cybersecurity. While flipping through the brochures, a gentleman came up to him and the two had a chat. It turned out the company was looking to set up a new team of penetration testers and the gentleman was a senior management member of the company.

Interviews followed and two months later, Alvin joined ST Electronics (Info-Security)’s pioneer batch of penetration testers for mission-critical systems. Thanks to the structured Company Led Training (CLT) programme from Infocomm Media Development Authority (IMDA), it made it easier for employers to take a chance on hiring staff without the requisite certifications but who, like Alvin, has prior computer science background and experience that made it easy for them to learn the additional skills and knowledge required to be a cybersecurity professional.

Despite his extensive experience in computer systems and database administration, this new job was no walk in the park. He had to learn fast at work. The structured “on-the-job” training and mentoring scheme by ST Electronics also helped him acquire the skill sets required to jump start his new career. Thankfully, Alvin is an old hand when it comes to “on-the-job” training. Armed with his Bachelor’s degree in Information Systems from the National University of Singapore, he had landed his first job 30 years ago as a systems administrator with American telco AT&T who had an office in Singapore. However, his university studies never taught him anything about the UNIX operating system that powered the enterprise servers at his new company.

“The IT industry moves so quickly that by the time I graduated, 90 per cent of the stuff I had learned was already obsolete. My boss at AT&T gave me a rack of servers, a thick manual and three weeks to figure out how to make it work,” said Alvin.

“Thankfully, I figured it out somehow and did not break the servers which were worth a princely six-figure sum at that time,” he added.

Alvin’s insatiable desire to solve puzzles and figure things out was a lifelong skill that helped him to quickly jump onto the security bandwagon. Just as he had to learn how to work the Unix servers in his first job, he quickly learned the basics of penetration testing.

His expertise in handling computer systems was relevant in his new job as he had a deep understanding of the structure of databases and systems which helped when he had to figure out how to use his new security skills to penetrate them.

“I know everything about SQL databases, so now when I have to use a SQL injection technique, I know exactly what I am trying to penetrate,” he quipped.

Alvin has been on a one-year contract with the company since July 2016. When he started, there were just two other penetration testers in his team with skill sets needed for mission critical systems but now there are almost a dozen. He spends his free time studying in preparation for Offensive Security Certified Professional certification. Alvin knows he is still a novice when it comes to cybersecurity, but he is learning fast and is himself playing mentor to some junior colleagues who joined the company as fresh graduates. His team is hired by corporations and government agencies to look for loopholes and weaknesses in their cybersecurity defences.

While suffering a pay cut that came with the career switch, he is positive about the move he has made and has some advice for other prospective career-switchers.

“Don’t think about how much you used to earn, think about how much value you are contributing in your new job” said Alvin.

He is also thankful for the Company Led Training programme under TechSkills Accelerator (TeSA) Initiative.

“I am where I am now because of the CLT programme. If it wasn’t for it, I would not have been given a chance to learn and be a white hat hacker,” he added.

This article was originally published on Straits Times on 13 March 2017, written by Oo Gin Lee