Interview with CyberSecurity Talent: Aye Hein Zayar
1) A bit about yourself
- I am Aye Hein Zayar. Some called me Zayar and some called me Ko Hein.
- Most of my background comes from blue team and security engineering background. And I woked for multiple companies and managed security services such as The Linux Lab, mmCERT/cc, Kernellix, Hewlett Packard Enterprise and Lazada Singapore. Right now I am working as a security consultant in PwC Singapore.
- I am a simple person and love to listen songs, love to travel and wanna explore more on natural phenomena.
- I simply understand as I am a human being in a small / short life and totally agreed on gives and takes of a mother nature. That the reason I will never complaint on my life and cause and effect of every situations.
2) What made you become obsessed with cybersecurity?
- The one thing I am still on cyber security track is because of the challenges are endless and I can do(at least I can try) anything what I really want without boundaries.
- As I was a blue teamer before, every time I tried was how to detect and how to prevent if possible in advance. But according to the nature of threats, it not easy to detect in advance. Detection is only the second step for me after something happened already.
- Since I understood that situation, I stepped forward a few on offensive side and threat hunting side by guidance of some seniors.
- Started from a few years back, I learned on Offensive side as I required to understand every detail of security threats and steps. And still learning on threat hunting as well to identify multiple threat flows.
- Whichever the way of attack or defense, it is really playful and enjoyable. There's only a tiny thin layer between them.
3) Please share how you achieved OSCP certification.
- As offsec's motto, "I Tried Harder".
- As I was a blue teamer before, the first thing I made was I changed my mindset to a different(totally opposite) angle, Offensive side. Once you changed, it may last forever.
- The tip for OSCP is service enumeration, the reconnaissance. If you missed something in service enumeration, you can fail.
- Prepared and tried to understand on weakness/vulnerabilities of programs and services. It helped me a lot on privilege escalation.
- Make sure to include every single step of attacks in exam report. Make effort well on exam reporting part same as penetration part.
4) How do you foresee yourself in next couple years?
In my future, I will be focusing more on offensive part, threat hunting part and threat detection part together. Because I believed that those all are linked together and if I miss in a single point, I may miss the concept of threats and my target may not achieve completely. So that I need to focus more on them to get a better results.
5) How anyone can admire your success and follow your life.
- For me, as a simple life as human being and I am doing my best all the time not to regret in a day. There is nothing much to follow me.
- I suggest you to walk on your own and make your own choice all the time.
- Don't change because of your environment or anyone, change because of your desire. You can follow me at