Previously a production line supervisor at TSMC with nearly six years of experience in production management, I made the bold decision to leave this "Silicon Shield" due to personal circumstances and interests, transitioning into the field of cybersecurity. Now specializing in penetration testing, vulnerability scanning, and related assessments, I entered a field entirely unrelated to my previous career. Through persistent learning and a rigorous routine of working during the day, parenting in the evening, and studying late at night, I achieved first place in the HITCON ZERODAY 2023 vulnerability disclosure rankings within just one year of transitioning and successfully reported two CVE vulnerabilities.

This session aims to share my journey of career change and learning experiences, encouraging more people to step boldly into the cybersecurity field. Whether you are a beginner or considering a career shift, this talk offers insights and directions for learning and growth in cybersecurity.

In Taiwan, obtaining certifications have always been a common practice. However, in the today's environment of stigmatized intellectual prestige hierarchy, how should we navigate our own paths? Should we chase after higher-level certifications, or should we prioritize honing our practical skills?

Based on the phenomenon observed in recent years, the speaker will share Offensive Security's learning journey and exam preparation strategies (including 100-Essentials and 200-Foundational series and OSCE³) drawing from personal experience, and explores the impact and possibilities of Offensive Security's revamping of the OSCP to OSCP+ in 2024.

AI is transforming the cybersecurity industry, from automated threat detection to offensive and defensive simulations. This technological evolution is reshaping the core functions of cybersecurity professionals. But is AI merely a tool, or will it become the dominant force in the industry? How should cybersecurity professionals adapt to this shift?  

This talk will explore the intersection of AI and cybersecurity, covering current applications, its impact on talent demand, and the future career landscape. We will analyze how AI is redefining the role of cybersecurity professionals, identify the essential skills for the future, and provide learning recommendations to help attendees stay competitive in the AI-driven cybersecurity era. 

In 2024, an industry-academia collaboration team published the first cybersecurity scenario case study in the global Complex Chinese edition of Harvard Business Review. The case study emphasizes "using fictional business stories to illustrate the potential dilemmas faced by leaders."

Set against the backdrop of a major screw manufacturer, a typical Taiwanese manufacturing enterprise, the case follows the factory’s transition toward smart manufacturing. After a cyberattack shuts down the entire production line, the company’s future operations are threatened. However, compromising with the hackers could damage its reputation and carry legal risks. With the ransom deadline fast approaching, should the Chairman pay the ransom?

The case study was released just as Taiwan’s listed companies were facing significant regulatory changes regarding mandatory cybersecurity disclosures in 2024. Would board members and senior executives of publicly traded companies still find themselves caught in a dilemma when dealing with ransomware attacks? The team also incorporated AI tools for the first time to guide group discussions. Reflecting on past experiences in board and executive education, does the combination of case studies and AI-based teaching enhance participants' cybersecurity awareness and learning outcomes?

As a Red Team professional, besides mainstream certifications like OffSec and EC-Council, what are some lesser-known but valuable certifications worth pursuing? In this talk, I will share my experiences preparing for various Red Team certifications and provide practical insights from real-world applications. The session will cover certification choices from fundamental to advanced levels, along with useful resources and effective learning strategies. Whether you're a cybersecurity beginner or an experienced Red Teamer, this session will help you find a certification learning path. Let’s continue honing our skills and embracing greater challenges on our Red Team adventure!

With the accelerated trend of digital transformation, cybersecurity protection has shifted from an "optional investment" to a "core strategy" for businesses. However, the talent gap in the cybersecurity market continues to widen. Companies face significant challenges in finding professionals with expertise in penetration testing, vulnerability management, and risk governance.

This talk will explore the career development paths in the cybersecurity field from the perspective of market demand, helping aspiring cybersecurity professionals understand industry trends and enhance their competitiveness.

Cybersecurity certifications are not just a symbol of expertise; they should be a gateway to the field and a bridge for professional communication. They should foster knowledge sharing and collaboration, standardize skills, and drive the growth and professionalization of cybersecurity. This session will help you gain a clear understanding of the true value of professional certifications.

In today's corporate landscape, cybersecurity is receiving increasing attention. However, the communication gap between CISOs and frontline security personnel is often overlooked, making it difficult to fully implement security strategies.

This talk will take a humorous and engaging approach to explore key cybersecurity challenges, including the subtle communication divide—"CISOs are from Mars, frontline staff are from Venus," the importance of risk prevention likened to the dangers of skipping sunscreen, and the collaboration struggles in an organization that sometimes feels like a zoo.

Additionally, we will introduce the innovative "Cybersecurity Flash Ideation Session", showcasing how to spark creative thinking and enhance cross-departmental collaboration. We will also dive into the reality of high-level executives shielding each other from accountability, analyzing its impact on frontline security teams and providing effective communication and breakthrough strategies.

Through real-world case studies, we will share both the challenges and successes of driving cybersecurity policies within an organization. The session will also feature live demonstrations and role-playing exercises, recreating common communication misunderstandings to help attendees gain deeper insight into cybersecurity workplace dynamics and potential solutions.

This talk promises to be a lighthearted yet thought-provoking cybersecurity journey—one that helps bridge gaps across all levels and equips attendees to tackle today's cybersecurity challenges together.

HITCON CTF is one of the few globally recognized cybersecurity competitions in Taiwan and serves as a qualifier for DEFCON Final, representing a milestone for cybersecurity talent education in Taiwan. In recent years, we have designed challenges that are comparable to real-world scenarios, showcasing the latest offensive and defensive techniques while ensuring an element of fun Meanwhile, to address the lack of cybersecurity skill training for blue teams and provide a platform for enterprises to demostrate their capabilities, we have also organized the incident response-oriented HITCON Cyber Range, allowing participation from various industries in Taiwan to raise awareness of cybersecurity. |In this presentation, we will delve into the design and experiences of competing in HITCON CTF and HITCON Cyber Range.

Is cybersecurity the right career path for me? IT, cybersecurity, or a combination of both?

We'll explore:

• The realities of transitioning from IT to cybersecurity.
• Key considerations for those contemplating a career in cybersecurity.
• Practical steps to build a successful cybersecurity career.
• The role of certifications in career advancement.
• Real-world experiences and lessons learned.

Whether you're curious about cybersecurity or already in the field but unsure of your next step, this session will provide valuable insights to help you navigate your career path with confidence.

People have always been the weakest link in cybersecurity. Incidents such as data breaches, social engineering attacks, and phishing campaigns often result in significant financial or reputational losses for organizations. Therefore, leveraging the TTQS and PDDRO models in conjunction with the cybersecurity management requirements of ISO 27001 has become a critical task for enterprises. By addressing the five stages of Planning, Design, Execution, Output, and Improvement, organizations can systematically design, implement, and evaluate cybersecurity training activities after identifying their security objectives.

ISO 27001 provides a systematic cybersecurity management framework. By using its risk assessment and control measures as the basis for training needs, organizations can enhance the relevance of training activities and ensure alignment with international standards.

Additionally, the principle of Continual Improvement resonates with the improvement stage of TTQS, facilitating the ongoing optimization of information security training quality.

Ultimately, integrating TTQS, PDDRO, and ISO 27001 can improve the efficiency of training investments, ensuring that every dollar spent is well-utilized. This approach also highlights the strategic value of IT personnel within an organization. These practical insights and outcomes are the focus of this sharing session.

In the cybersecurity battle, the Blue Team serves as the backbone of an enterprise’s defense. As such, building a strong defense team is a critical task for any organization. However, with the growing global talent shortage, finding the right cybersecurity professionals has become a significant challenge. This session aims to offer companies valuable insights on how to build an effective Blue Team. By addressing the mindset, we’ll explore how to craft strategies and implement them in the real-world enterprise environment, providing actionable guidance on strengthening Blue Team capabilities.

This presentation offers an in-depth exploration of the multifaceted impact of cybersecurity certifications (e.g., ISC2 CC) on careers and organizations, from the perspective of HR professionals. Through real-life cases and practical experiences, it highlights how HR practitioners can leverage cybersecurity knowledge to gain unique advantages in human resource management. These include enhancing understanding of cybersecurity issues, fostering an internal cybersecurity culture, and strengthening cross-departmental collaboration skills.

The presentation will emphasize how HR professionals with cybersecurity certifications can apply their knowledge internally, from talent acquisition to process risk management, helping organizations effectively address data protection challenges. Additionally, it will discuss the future potential of cybersecurity certifications and demonstrate how HR can combine their professional expertise with cybersecurity knowledge to create greater organizational value.

Focusing on the HR perspective, this presentation reveals the application potential of cybersecurity certifications in non-technical roles, providing the audience with fresh insights to explore new possibilities within their own fields.