Frequently Asked Questions

Please send your questions to faqs@yehg.net. Only idea questions.
For technical questions, only Google knows better than us.

  • Q: How should I get started learning hacking?
    A: [Updated 2018]: There are a few ways.
    One is to get involved in CTF challenges online and locally (not a lot, but hosted frequently). You can watch some inspirational videos. The learning curve can be frustrating and steep, but it is rewarding in the end.
    The second way is to grab a copy of a Security+ study guide and get the basics of all infosec topics. Take the exam if you can. After getting the basics, you can move on to reading hacking ebooks and practising yourself. Or get certifications: CompTIA PenTest+, Offensive Security, eLearnSecurity certs and others. Those certs bring you to higher levels and give you some form of guarantee of employment as a pentester.

  • Q: What do you think of guys in Myanmar who are learning/doing hacking?
    A [Updated 2018]: In their early youth, they may randomly hack into web sites/systems illegally. But the most profitable way is to join HackerOne, Bugcrowd, Synack and be a paid professional bug hunter.

  • Q: What are the differences between IT Security Engineers, IT Auditors and Pentesters/Red Teamers?
    A [Updated 2018]: IT Security Engineers enforce security policy and hardening procedures. IT Auditors ensure IT Security Engineers do things correctly as intended. Pentesters check whether those things are no longer sufficient to protect against current evolving attack techniques.

  • Q: I'm tired of seeing vulnerabilities in software. Will there ever be software without any?
    A: New vulnerabilities will always arise as long as security is not enforced. Even if security is enforced, attackers will find new ways to bypass it. It's the beauty of security vs hacking.

  • Q: What should I prepare to work in the security field?
    A: Of course, the first is technical skill. The second is communication and language skills - the most important one, which all technical people don't give a shit about. Even if you possess tons of Offensive Security and CREST certs, have done tons of bounty hunting and found CVEs, you won't be hired unless you can speak and write English to the point that people can understand you. This language skill will always be a barrier for our Myanmar people unless one strives to practise hard, daily and frequently, until their first job is landed at an English-as-the-first-communication-language company either locally or abroad.

  • Q: How can I succeed in the security field?
    A: Like any other field, constant learning is necessary based on the level you are at. If you are a pentester, you've got to keep yourself updated with and skillful at the latest technical stuff. If you move up to management, you've got to learn management stuff while keeping yourself updated with the latest security trends. In terms of soft life skills, don't get emotional with anything in life and at work. Work out a solution and deal with the situation straight. Life will always move on. It's your call whether you stay strong throughout the winds or fragile/dying/complaining whenever bad things are thrown at you.

  • Q: Can I be a part of YGN Ethical Hacker Group?
    A: YGN Ethical Hacker Group is a virtual group intended to represent EVERY PERSON of Myanmar who is enthusiastic about ethical hacking. If you love ethical hacking/cybersecurity, you are part of YEHG. You are absolutely welcome to submit your research (e.g. a BASE CTF write-up). If you think someone is outstanding, please feel free to reach out for talent spotlights.