Ask the Expert: Minzhi He
In his early days, Minzhi never thought he’d become a Security Engineer for the largest crypto and blockchain security company in the world. With a background in software engineering and a desire for DeFi, Minzhi has built upon his skill set to become a Security Engineer with CertiK!
Below, Minzhi shares a day in the life, alongside his background, interests, and more.
Q: Who are you? How did you start your career?
I am Minzhi He. I joined CertiK in March 2020. I majored in cybersecurity, and I first got exposed to blockchain technology in one of my Master's courses. I joined CertiK after graduation. I did some pentest work for mobile and web applications at CertiK, and recently I began working on smart contract audits.
Q: Why did you want to become a security engineer?
I did not know that I was going to be a security engineer when I was young. In my undergrad, I majored in software engineering. I learned some coding skills and some basic knowledge about networks and operating systems, and I took some internships in software engineering, but I didn’t really like it. So I thought maybe I could make a little bit of a change. I thought being able to control something without even physically accessing it was so cool. So I thought, why not give it a shot and try to pursue a career in cybersecurity? I learned a lot about cybersecurity and penetration testing, and became a security engineer.
Q: What does your daily work schedule look like?
Read Twitter, news, etc. to find out if a new hack/rug pull has occurred.
Reading and responding to all communications with the team.
Auditing smart contracts/pentesting applications.
Discuss with teammates about issues we found.
Communicate with clients.
Q: What are some of your challenges and accomplishments?
When I first joined the company, I had basic knowledge of general cybersecurity/pentesting, but I had very little knowledge in terms of cybersecurity in blockchain. I was kind of intimidated. It was difficult for me to fully understand what the smart contract was trying to accomplish at first. During my work, I was able to learn more about blockchain technology. When I did pentest on dApps, I was able to get familiar with the functionality of a DeFi project. Gradually, I was able to read Solidity code, find issues inside contracts, and audit a project.
One of the challenges I met was analyzing DeFi hacks. When I did this for the first time, I had very little experience in contract auditing. It was difficult for me to understand how the attack happened even though I knew which line of code was the root cause. My teammates and I spent a lot of time on this. We were able to understand what actually happened, and we wrote an analysis on that. After a few incidents, I became more familiar with that, and I was able to do the analysis more efficiently.
Q: What do you do in your spare time?
Read blogs/Twitter about the DeFi space, understand the principle of popular projects, learn about recent hacks, play video games, and play board games.