IT Lad
IT Lad
IT Lad
student wannabe, this is the definition that I would love to give to myself.I am well aware of how
education could bring into people's lives and the potential possibilities that could lead anyone to a higher
level of knowledge and skills in professional development. As a non-standard applicant who is now facing
academic shortcomings, I hope that my years of working in the IT sector could bring me the confidence to
face the postgraduate master's degree. I know I may not have the highest qualifications earned by the
institution; however, my work experience has taught me everything essential to establish my career.
I have been interested in IT and Computer Science since young, and it has been almost a lifetime
devotion that could be traced back even before secondary education. For computer science and the
other relatable subjects that could help me to learn to program, I remained my strong interest within my
entire education period. However, realising that the Chinese education sector required students to be an
all-rounder in a few courses that were not relatable, the admissions policies and the score of the
university entrance examination disagreed with my passion and devotion.
Luckily, the rapid development of the Information Technology sector in China is so demanding that
university-level education is no longer the compulsory requirement to enter the job market. With only a
high school graduation certificate and the fantastic programming capabilities learnt from my entire
primary and secondary education through self-taught online tutorials, I could still manage to pull off the
application with respect. They were impressed with the level of skills that I could do with a computer, and
therefore I get hired quickly.
I began my role as a penetration testing engineer from JiuZhou XinTai Technology Co, Ltd. This could
trace back to 2018 and built my solid foundation to understand how cybersecurity works. And then, I
have moved into one of the key players in the industry, the sub-branch of the online service powerhouse
in China. The 360. Until 2022, I will be having around five years of working full time as a cybersecurity
engineer in IT. I am proficient in JavaScript, Crystal, Nim, PHP, and other languages for Exploitation,
Scripting and Validation throughout my years in employment. And also on the Code Auditing area:
proficiency in code auditing including Java / PHP / JavaScript. My skills have even been recognised by the
authority, including CITIC, China National Meteorological Administration, China National Air Traffic
Control Bureau, China Internet Information Office, China Ministry of Finance. I have participated in
several national Cyber Security Attack & Defence Operation (CSDO) organised by them, winning first
place with my teammates. I also have two original vulnerability certificates issued by the CNVD (China
National Vulnerability Database).
And also, on the commercial side, I have made the following achievements and brought supports to quite
a few significant companies. Here are the vulnerability issues that I discovered:
First: Vulnerability in SangFor's VPN Client Remote Command Execution (RCE) This product is the number
one VPN for commercial VPNs in China and is one of the company's main products. I first discovered the
vulnerability and successfully bypassed (Bypass) two of its subsequent patch releases. It was ranked third
in the SRC (Security Response Center) for 2021 to discover this vulnerability alone.
Second: AntSword remote code execution vulnerability. This tool is a modern implementation of the
well-known hacking tool China Chopper, which is the most popular WebShell management tool used by
Chinese cybersecurity practitioners.
Third: 'UYUN' Operations and Maintenance System Unauthorized (PreAuth) Remote Code Execution
Vulnerability. This product is one of the more popular AutoOPS systems.
Fourth: Tencent, a famous Chinese internet service provider, made its reputation in online messaging and
gaming services: SSRF (Server-Side Request Forgery) vulnerability, which can probe Tencent's intranet
(LAN) port openings.
Fifth: Bilibili, currently the most popular video content uploading platform within the Chinese speaking
internet world: CSRF (Cross-Site Request Forgery) vulnerability, could conduct a worm attack on its focus
function.
Sixth: Baidu, the most popular search engine within the Chinese speaking internet world: Multiple XSS
(Cross-Site Scripting) vulnerabilities that could steal user login sessions (cookies) and sensitive user
information.
The academic shortcoming has been a long term struggle for me to progress further. However, I am
aware that it could be overly time-consuming to enter the Chinese higher education system. The entire
four-year degree in computer science will require passing the examination and spending four years in an
institution learning the introductory skills that I have already bypassed. But still, with such an issue, I have
provided the solution by taking some courses on the level of associate degree/ higher education diploma
through online distance learning. It states that I still hold the capabilities of learning as not enter the
university full time is a choice rather than a choice the reality. And now, with my time merged up in the
professional development, I realised that I could kiss my academic shortcoming goodbye. As your
institution offers opportunities for those who may not choose to enter university life earlier but instead
focus on making the career progression, I would be delighted to make myself a postgraduate masters
student with everything I have learned. Now I am hoping for more. Completion of the studies will not
only bring a permanent solution for the issues in academic shortcomings and enable me to embrace the
most cutting-edge technology that I have ever experienced in the workplace. Therefore, I am looking
forward that your institution could dive into the materials that I provided. I hope overlooking my career
could bring you the image of a talented young man devoted to the IT industry, particularly in
troubleshooting vulnerability issues. This is where I obtain my confidence to be a prospective student in
your institution.
Thank you very much for your precious time to read my statement. I hope to hear from you soon with the
updated offer letter.