Black Hat Asia Asian nations in which governments are keen on citizen surveillance struggle to develop ethical hackers, as prospective workers fear their activities may be misunderstood, according to security specialist Mika Devonshire.
Devonshire spent much of 2019 and 2020 in Hong Kong, working as a digital forensics and incident response specialist at Blackpanda and serving as assistant faculty at Hong Kong University.
“The climate on the University of Hong Kong campus in the fall of 2019 was a bit different that you are used to on a university campus," she said at the Black Hat Asia 2021 security conference yesterday.
Referring to the Anti-Extradition Law Amendment Bill Movement as China sought to take more control of the special administrative region, and the high level of surveillance and detainment accompanying the protests, Devonshire said she “got to thinking about how that would impact anyone’s education at that pivotal time in your life when you are trying to develop your career path and how you will enter the workforce and move forward.”
Devonshire said students she met feared ISP monitoring and felt that participating in capture-the-flag events or hackathons could make them look deviant.
- Average convicted British computer criminal is young, male, not highly skilled, researcher finds
- So it appears some of you really don't want us to use the word 'hacker' when we really mean 'criminal'
- Computer security world in mourning over death of Dan Kaminsky, aged 42
In a list Devonshire provided of the world's ten most surveilled countries, Asia took four positions. China topped her list, with Singapore, Hong Kong, and India coming in fourth, ninth, and tenth respectively. Western countries also rated "highly." The USA came in second, the UK third, and Australia fifth.
The desire to avoid attention and pursue a perceived “safer career” understandably led many to career paths away from infosec. Devonshire said Asia is short 2.4 million cybersecurity trainees, a huge slice of the world's four million vacancies.
Devonshire asserted that following best practices and developing a well-regarded professional biography can prevent a trainee from having their behavior and intentions misunderstood. However, reports from her students revealed a lack of legal understanding and a feeling that the laws in place were not clear.
She cited other reasons students eschew the industry as a lack of prestige, waning long-term interest, and the impression that a career in ethical hacking would lead one to only one potential employer – the state. ®