Growing Hong Kong financial service group looking to expand their security team in need of cybersecurity knowledge
A leading Hong Kong-based financial services group listed on The Stock Exchange of Hong Kong (with over US$100 billion as of 31st December 2018), is dedicated to providing comprehensive corporate banking, personal banking, wealth management, and investment services to its customers in Hong Kong, Mainland China, and other major markets around the world.
The Stock Exchange of Hong Kong, serving the needs of customers throughout Greater China and beyond, with total consolidated assets of HK$839.5 billion (US$107.2 billion) as of 31st December 2018.
At a Glance
knowledge transfer
internal cybersecurity team
What brings them to MXC
To expand the internal cybersecurity team, many new members were recruited and transferred from other IT-related teams. They looked for a fast way to learn the knowledge of the methodology in the attacker side, including the network and application penetration test skills, basic programming technique, as well as the advanced application exploit technique. By better understanding the attacker’s mindset, the team could develop a sophisticated defensive mechanism.
Challenges
- Lack of domain knowledge on attack techniques used by the attacker.
- The self-study was not an efficient way because a team was required to boot up their skills in a short period.
Results
Maximus or MXC Cyber Security Advisory Team was appointed to provide professional technical training to the staff of the internal security team. The trainers who acquired advanced certifications from CREST organization and had over-ten-year programming experience provided training topics including the methodology of a penetration testing, the most critical and common web application security risks based on OWASP top 10 which is announced by US authority called “The OWASP Foundation”, programming techniques, and the advanced method to exploit the client-side applications.