Jolicia Pamintuan
Offensive Security Engineer, Philippines
Jolicia Pamintuan is an Offensive Security Engineer based in Manila, Philippines. During her four years in VikingCloud’s Cyber Threat Unit, Jolicia has focused on conducting vulnerability assessments and penetration tests, as well as participating in internal knowledge-sharing sessions to help improve her and her team's skills and knowledge.
Jolicia is called on wherever there’s an opportunity to help customers with dark web scanning, phishing exercises, and mobile application assessments. She also leads the Manila New Employee Onboarding (NEO) team for VikingCloud’s Managed Security Testing services and is cross-trained for the Quality Assurance (QA) team, where she reviews assessment reports made by other team members to ensure consistent delivery of client reports.
Jolicia hones her skills by participating in internal and external Capture the Flag (CTF) competitions with her colleagues, and security/hacking conferences. She recently tackled ROOTCON 17's Mystery Challenge with a colleague, solving various problems that tested her hacking and sleuthing abilities, and grabbed the #1 spot as the top scorer. Jolicia also participated in the NahamCon CTF with colleagues, earning a place in the Top 100.
Interview with Jolicia
Q: What’s your favorite security vulnerability and why?
A: “Database-related vulnerabilities are my favorite. I get excited when I see ports related to database servers, as I like experimenting with different commands and digging deeper to mitigate these types of vulnerabilities. I like how it challenges me to push my boundaries and learn more.”
Q: What is the primary cause of breaches you see most often? Do you have any relatable stories you can share?
A: "Misconfiguration and lack of awareness are common causes of breaches I encounter and read about. It often begins with default or exposed credentials or misconfigured settings. It typically all boils down to individual complacency and awareness. Even with strong security defenses, one careless move can compromise the entire system if people are not properly trained and vigilant.
I recently experienced a personal hacking attempt in which a relative's social media account was compromised. The cyber attackers posed as customer support trying to help and even made me believe my relative was part of the support call. Remembering my security training, I noticed several red flags—requests to install apps with excessive permissions and the “support person” getting furious and threatening when I didn’t comply. Thankfully, I managed to maintain control of my relative’s account before any harm was done.
After that incident, it occurred to me that awareness and attentiveness should always come hand in hand, and we should never be complacent when it comes to security."
"Even with strong security defenses, one careless move can compromise the entire system if people are not properly trained and vigilant."
Q: If you could give one piece of advice to our customers, what would it be?
A: “I recommend consistently revisiting fundamental security measures, as we are all potential targets for cyber threats. In my experience, breaches and vulnerabilities often stem from basic oversights. Thoroughly reviewing basic setups and configurations, along with training employees to identify security red flags in their daily tasks, is essential. Given the rapid evolution of technology, maintaining vigilance and caution in our actions and communications is imperative. Additionally, regular Vulnerability Assessments and Penetration Tests (VAPTs) are crucial to ensure that all security measures are effective and up to date."
Jolicia’s knowledge and experience in the cybersecurity field make her a key asset to the VikingCloud Cyber Threat Unit. Her commitment to continuous improvement of her security knowledge and eagerness to seek out new challenges and help and influence her colleagues to aim for growth is admirable, and we’re proud to have her on the team.
Learn more about Jolicia on LinkedIn: https://www.linkedin.com/in/jamrpamintuan/.