General Director of CMC Cyber Security: Human resources are the foundation to promote the value of accumulated digital heritage
The company was officially established in 2008, when the concept of cyber security was still very novel in Vietnam and seen as a niche in a large IT world, and even before the introduction of Cyber Security Law in 2016 (which officially came into effect in 2019). To date, CMC Cyber Security has become a prestigious name for cyber security in Vietnam and one of the first members of the Information Security Alliance. However, in the eyes of General Director Ha The Phuong, those are not what makes him and CMC leaders in general feel the most proud of.
‘HR is the most valuable asset of the company’
It was reported last year that CMC CyberSecurity's engineers were recognized by Apple for helping detect security flaws in its system. Do you take pride in that, as the Company has affirmed its personnel qualification and position in the field of security?
Mr. Ha The Phuong: We dare not say that we have top experts of the world. What CMC Cyber Security aims at is to build a strong team to provide professional and quality services that meet international standards.
Mr. Ha The Phuong - General Director of CMC Cyber Security.
CMC Cyber Security was established when there were very few software manufacturers that master core technologies, both in Vietnam and in the world. We are proud that we dared to start with never-before-seen products in a context where specific legal or regulatory framework for this field was almost none. And if the Corporation dares to make the investment, then the company is also boldly committed and confident to provide information security products and services developed by Vietnamese people according to the strictest standards.
The strength and also the difference of CMC Cyber Security is that our operating range is very wide, from making software and providing professional services to consulting services according to international security standards. The company is also willing to send personnel to deploy security solutions for enterprises of different sizes.
We are among the first members of Association of Anti Virus Asia Researchers as well as one of the Vietnamese companies included in Microsoft's list of antivirus softare providers in the world.
CMC Cyber Security team of experts
What about the prizes? CMC Cyber Security has been honored with numerous awards and prestigious national and international certifications. Surely that is not the goal of the company, but how does that contribute to the brand development of CMC Cyber Security?
Mr. Ha The Phuong: On our development journey, it's an honor of us to be highly recognized and appreciated by domestic and international organizations. We have received Frost and Sullivan award for cyber security thanks to the quality of our infrastructure and human resources. Another example is CMC Pentest, which has twice received the "Prominent Information Security Service" award from VNISA in 2017 and 2021. The product is confirmed to comply with standards after a rigorous assessment and evaluation process conducted by a group of leaders, managers and leading experts in information security.
In addition, we are also proud that CMC Cyber Security's CMC Malware Detection and Defense solution (CMDD) is the only Vietnamese product to pass the test for Virus Bulletin 100 (VB100) certification with result of 100% for all inspection indicators.
The “collection” of certificates earned by experts of CMC Cyber Security
Those examples represent the concrete demonstration and recognition of the contributions and success of CMC Cyber Security in the market. At the same time, the evaluation of international market research institutions also confirms that the company is having right strategies.
The appreciation and recognition of the market as well as other non-CMC institutions serve as a great source of encouragement for us to continue to make contributions to the company, the corporation and the development of cyber security in Vietnam.
The success of an enterprise is measured by not only the awards they receive, but also the indicators of projects, customers and contributions to the market. Can you tell us more about what CMC Cyber Security has achieved?
Mr. Ha The Phuong: In terms of revenue, customer and market, CMC Cyber Security is currently ranked in the top among private companies, and in the 2nd place among Vietnamese security enterprises.
More specifically, we have two spearhead product and service. First is CMC SOC, a system that applies AI and Automation technology for 24/7 monitoring, analysis, warning and handling of security incidents happening to customer's system in real time. Currently, CMC SOC is being deployed at many enterprises and considered as a reliable service for the Government, State organizations, banks, etc., accounting for 22% of domestic security market share. I think this is a pretty high percentage.
Second is our penetration testing service for compiance with security standards (PCI – DSS, SWIFT, ISO, etc.), which is serving hundreds of enterprises in sectors of banking and finance, securities, e-commerce, etc.
But perhaps the thing that we are most proud of, which is also our biggest asset and our most remarkable achievement is our staff who have been working at CMC Cyber Security. We have a large enough environment for young engineers to join in and try out a full range of security operations, from programming software and providing professional services to consulting and operating technology systems for customers, etc. We also have a professional training system which creates opportunities for them to grow, so that even if they leave CMC, they will still be qualified enough to hold important positions in other organizations.
‘Investing in security is not for show’
The importance of internet security has probably been the talk of the town for a long time. But has this problem been properly recognized?
Mr. Ha The Phuong: Among the 5 pillars of digital transformation, including: Data, connectivity, human resources, e-payment and cyber security, the last one has been identified by the Government as very critical. Perhaps now I don't have to demonstrate how necessary and important information security is. What I - and probably everyone in the industry- want is that policies and regulations aside, what needs to be changed is the perception and thinking of leaders and decision makers both in public and private sectors.
We often liken our job to that of both a policeman and a doctor. We are like policemen, because we constantly have to face a legion of hackers who always have some tricks up their sleeves. We are also like doctors, because security service is very similar to a regular medical examination. In fact, if you are not pressured, god knows when you will visit a hospital for a checkup, and thus miss the golden hour in your treatment.
So, what is the problem here? It is not substantive to think that ensuring cybersecurity is just to meet certain regulations or decrees. Instead, leaders must pay certain attention to it, so that they can be able to spend time and allocate fund for this activity, thereby investing in cybersecurity in the most decent and methodical way.
Only when a consensus is reached by management agencies and businesses can this industry develop and gain its position in the IT panorama. Looking at our neighboring countries like Thailand or Indonesia, they are developing this industry very well... As for us, cybersecurity is now just a very small dot in the IT picture of Vietnam, and yet to have a position that is commensurate with its significance.
A worthy investment in information security is probably still a matter of much discussion. However, are the products and services provided by CMC Cyber Security enough to help customers have a safe internet environment?
Mr. Ha The Phuong: The services that CMC Cyber Security provides to the market have just dealt with parts of the cybersecurity picture; however, those are the most basic parts.
Conducting a pentest, as I said before, is like going for a periodic health check. For example, according to a decree for the finance sector, banks, financial institutions, payment gateways and insurance companies must conduct annual reviews to help detect security holes. In addition, although the customer's product does not change in term of function, but if its core technology is changed, that can be a source of security flaws. CMC is providing solutions to solve this problem to the market.