AJ Dumanhug, a 26-year-old ethical hacker and cybersecurity expert who co-founded Secuna, makes a living out of cracking the IT systems of companies, organizations, and government agencies with the purpose of making them more secure and protected.
His interest in IT began a decade ago while playing online games. “From there, it grew the desire to understand the best way to use technology,” he says in an interview via email.
Dumanhug decided to become an ethical hacker after learning that companies are willing to provide cash rewards to people who responsibly disclose a security flaw they find in the company’s product.
“Ethical hackers can counter cybercriminal attacks, and risks from these web threat attempts can be mitigated by doing deep dives into how these digital terrorists think, plan and operate. Given these cybercriminals’ considerable skills and the support from their own network, their attacks can be countered by an equally knowledgeable and skilled community—but this time, one that is on the side of the digital angels,” he says.
In 2017, he helped establish a company composed of trusted international cybersecurity professionals called white hat hackers or simply ethical hackers to identify potential security flaws.
“Having a large network of ethical hackers is a huge advantage for Secuna in helping companies, organizations, and even the government secure their digital assets. As hackers, they are also privy to cybercriminals’ ways, mindsets, and methods, enabling them to stay one step ahead,” says Dumanhug.
IT degrees
Dumanhug, who obtained Bachelor of Science Information Technology degree from STI College, studied short courses at the University of the Philippines, and took Professional Science Master in Cybersecurity at Holy Angel University, is now the chief executive at Secuna—a Philippines-based cybersecurity firm that offers penetration testing services.
“Secuna is my first professional job, but I also worked as a full-time consultant for almost three years for the University of the Philippines System under UP Information Technology Development Center. I am a cybersecurity mentor for startups through Ideaspace Philippines, a highly technical consultant for the National Privacy Commission, and a part-time Infosec Training Instructor at De La Salle-College of Saint Benilde SPaCE,” he says via email.
Bug bounties
He actively participates in bug bounties by legally hacking companies who offer cash rewards for finding and reporting valid bug reports. In 2019, he and other hackers were invited to a private live hacking tournament hosted by Facebook and Google in Singapore. They placed 7th after discovering and reporting multiple bugs on Facebook and providing the best-written report.
Recently, Dumanhug and hackstreetboys recently placed third out of 650 teams in the DEFCON Red Team Village CTF competition.
Dumanhug also holds many titles and certifications such as certified ethical hacker, certified security analyst, offensive security certified professional, certified red team professional, offensive security web expert, certified red team expert, practical network penetration tester, eLearnSecurity certified digital forensics professional, eLearnSecurity certified threat hunting professional and eLearnSecurity certified incident responder.
Cybersecurity platform
Secuna is the first and only cybersecurity testing platform in the Philippines that helps startups and SMEs by connecting them to the most advanced and highly-vetted cybersecurity professionals in the world to simulate cyber-attacks and find security flaws that real-world malicious hackers can exploit and leverage to gain access to IT systems.
Secuna is the combination of SEC, short for “security”, and una, a Filipino word which means “first”. It is the first and only crowdsourced cybersecurity testing platform in the Philippines that has a community of thousands of the world’s most advanced and highly-vetted cybersecurity professionals and ethical hackers.
The company offers managed service that helps in setting-up ISO-compliant security vulnerability disclosure program and bug bounty program to receive and act on vulnerabilities discovered by cybersecurity professionals.
Secuna also offers compliance service, a comprehensive, modern, and ISO-compliant vulnerability assessment and penetration testing. This service is tailored-fit for apps/websites that have never been tested for cybersecurity flaws or for businesses with requirements of third-party assessment reports from government agencies.
Dumanhug was recently appointed CEO of Secuna and replaced Iannis Hanen, former CEO of Friendster, who was appointed as vice president for global sales of Secuna.
World-class talents
With the leadership of Dumanhug, Secuna will continue to pursue in providing world-class, effective, scalable, and cost-effective cybersecurity solutions that are not just within reach of multinational companies but also of startups and SMEs. He will also be responsible for driving business growth and overseeing all operations across the Philippines and the Asia Pacific markets.
On what makes ethical hackers better than the rest, Dumanhug says they are not only trained to spot vulnerabilities but are also there to prevent online crimes. Ethical hackers understand the breakdown of a data breach, where the common vulnerabilities are, and how to potentially resolve these before they become a problem, which helps reduce a company’s risk of being breached, he says.
“We are on a mission to strengthen the world’s capability to build secure and better cyberspace. The company has been striving to be at the forefront of cybersecurity in the Philippines. Since our inception in 2017, it has been committed to helping companies, organizations, and even the government secure their digital assets,” he says.
Some of Secuna’s notable clients are Dashlabs, QuadX, UBx, Kumu, Paymongo and Palawan Express, among others.
Dumanhug is optimistic about the growth of cybersecurity sector in the country. “The Philippines is still at the infancy stage in terms of cybersecurity,” he says.
He cites the need for further collaboration between private sector and the government as there are not enough people in the government who perform cybersecurity tasks.
“There are security professionals out there willing to lend a hand to help secure their government from various cyber threats and attacks,” he says.
Young CEO
Dumanhug is tasked to drive the growth of Secuna globally. “I am delighted to be the CEO of Secuna at a critical time when companies need to embrace cybersecurity at the core level of their businesses. As a co-founder, I’ve had the privilege of seeing firsthand how Secuna’s innovation is responding to organizations’ cybersecurity needs with its unique penetration test approach tapping the best ethical hackers across the globe. As demand to protect corporate and essential data escalates amid an evolving threat landscape, Secuna is the best penetration test platform to address these challenges,” he says.
“Under my leadership, Secuna will continue to pursue world-class, effective, scalable, and cost-effective cybersecurity solutions that are not just within reach of multinational companies but of startups and SMEs.
Dumanhug says Secuna is now developing a business model with government agencies that is similar to “Hack the Pentagon” and “Hack the Air Force” cybersecurity programs in the United States, where ethical hackers identify security holes in an entity’s computer systems.
Among the sectors that highly require cybersecurity services is the healthcare industry because of the type of data they collect and process.
“Millions of health records are compromised every year because cybercriminals can sell protected/personal health information on the dark web for hundreds of US dollars per data,” he says.
Advice to young people
Dumanhug advises young people to only consider “hacking” as a means to protect, not to commit crimes. “Hacking teaches young people to be resourceful, they will learn how to conduct research and how to be creative. However, it could also lead them to some legal troubles if they are not aware about cybersecurity-related laws. So my advice is to understand the consequences of hacking,” he says.
He says students should consider a career in cybersecurity. “There’s a huge scarcity in cybersecurity for professionals. A lot of companies need at least 1 cybersecurity professional to help them secure their products online. There are also a lot of fields in cybersecurity,” he says.
“Cybersecurity is not just about hacking. Cybersecurity is a responsibility, not just a list of regulations and compliances to check off in order to claim that they are secure and compliant. Corporate sector and government should prioritize cybersecurity– not only after they have been breached or have a security issue,” he says.