Tran Dai Chi: Vietnamese engineer honored by the US Department of Defense.

Tran Dai Chi, born in 1992, an Amazon security engineer currently residing in Texas (USA), was named by the US Department of Defense on the DC3 website for ensuring the information security of the country's Cybercrime Center.

 

DC3 VDP (Vulnerability Disclosure Program) is a vulnerability detection program under the Cybercrime Center (DC3) of the U.S. Department of Defense (DoD).

Each month, DC3 honors an individual who has made significant contributions to information security within the organization's system. And Chi, with the nickname "0xfatty," was honored by DC3 as "Researcher of the Month" this past March.

The US Cybercrime Center announced on Twitter that the two attack methods that Chi discovered and warned about are rated as "serious." If exploited by malicious actors, this vulnerability could "lead to a complete breach of the system" of the organization.

This isn't the first time Chi has been honored; previously, this security engineer was also recognized by Google and rewarded by Apple for his discoveries in the field of cybersecurity for these organizations.

 

Approaching 30 years old and having achieved many admirable accomplishments, Tran Dai Chi has actually only been formally studying cybersecurity for less than three years. Chi failed the university entrance exam twice in Vietnam and previously attended a vocational school in Ho Chi Minh City. In 2013, while many of his peers had already secured stable jobs, Chi decided to "start over" - to study abroad.

Tran Dai Chi was accepted into Southern Methodist University (Texas, USA), which he considered a stroke of luck. However, in the initial stages, he faced many difficulties and interruptions due to his lack of fluency in English, complicated visa procedures, and even "culture shock".

In 2018, Chi officially joined the security industry. He was hired by Amazon Web Services' security department after passing six rounds of interviews. He worked in Amazon's cloud computing division, testing products and services before they were launched to the market.

During his free time, for 1-2 hours each night, Chi sought to infiltrate large systems to study security. He built his own "scanning" system to find systems that might be affected by publicly disclosed security vulnerabilities. Using this system, Tran Duc Chi discovered the CVE-2021-22986 vulnerability in the F5 BIG-IP service, which is used by many organizations in the United States.

Chi stated that if hackers successfully exploit this vulnerability, they will gain control of the entire server and can do anything on it, even launching attacks from one machine to multiple others.

He only went as far as detecting and confirming security risks because US law is strict about cyberattacks. After that, he compiled and submitted a report to the US Department of Defense.

Following the warning from this Vietnamese engineer, the US Department of Defense conducted an investigation and shut down the problematic servers to fix the issue.

Chi said that the greatest reward he received from his security achievements was recognition and improved technical skills. This helped him make more friends in the information security industry both in Vietnam and around the world.

Chi and Hieu PC participated in the Anti-Fraud project, helping users raise awareness about information security and avoid accessing fraudulent websites.