He has been honored by information security institutions for his contributions as a white-hat hacker.

Pham Thai Son

Why did you decide to study information security?

When I was at general school, I loved to play with computers and liked games. Later, I decided to enroll in the IT Faculty at Hanoi University of Science and Technology.

At that moment, information security was a hot keyword. I liked to discover things and did not like working with codes all day long, so I chose information security.

You are very young. But you are leading a large team.

Our team has 10 members. Besides, I am also leading a group of 20 interns.

I hope that young people now have a better environment than we had in the past. Besides, I like working with young people because I can learn many things from them. Young people always have breakthrough mindsets and they don’t always follow traditional ways.

What are your tasks?

Our task, in simple words, is ensuring information security for the information systems of ministries, branches and state-owned economic groups.

We try to ‘attack’ some certain systems. After we ‘succeed’, we will report to organizations about the existing vulnerabilities, so they can fix the problems before they are attacked by someone from outside. We will also suggest solutions to fix the problems.

Your team has recently made a big contribution to ensure information security for apps to work from a distance. Could you please elaborate on this?

One of the works we have done recently is assessing the information security of the apps to be used for the National Assembly online conferencing.

Previously, the conferences were organized in one place, so the risk for being attacked was low. But now, deputies are in different places, so the risks are higher.

We heard that you have been honored by the European computer emergency response institution for your contribution to Europe’s security in 2020?

I reported an error on the website of the European Commision. This was a bug that allowed hackers to penetrate deep into their deep system.

I am single, and I don’t have many things to do. So, when I am at home, I work with computers and try to find something to ‘attack’. This is also a way for me to improve my ability.

Do you usually do this to ‘tease’ people and institutions like this?

(Smile). The coffee shop we are in now was once ‘attacked’ by me. I often go here at lunchtime and I know they have an app. I found some vulnerabilities of the app and reported to them. They replied very quickly and gave me some vouchers as gifts.

You are drinking the coffee you buy with these vouchers?

(Smile). I don’t use vouchers anymore.

What would you say about the information security levels of the agencies?

I think that as the information systems develop with more equipment, software and users, the existence of vulnerabilities will be unavoidable.

No one can say for sure that the systems are 100 percent safe. No vulnerability is found now, but they will appear just after one or two weeks.

Therefore, systems need to be updated regularly and there should be teams in charge of information security so as to avoid risks.

Digital transformation means that everything will be digitized and the IT infrastructure will expand rapidly. So, our task is ensuring information security for information systems.

What are the biggest challenges for you?

A lot of big events are taking place this year, including the Party Congress. Meanwhile, because of Covid-19, many things have gone online. The biggest challenge for us is the limited workforce, but the workload is really big. 

Nguyen Thao

Cyber information security ratings of State agencies revealed

Da Nang City, the State Bank of Vietnam, as well as Can Tho and Vinh Phuc provinces were rated level A for their concern about implementing information security.

Digital transformation: no time for hesitation

The governments that quickly move forward will be ahead of those that hesitate and proceed slowly in applying digital technologies.