Ask the Expert: Minzhi He

In his early days, Minzhi never thought he’d become a Security Engineer for the largest crypto and blockchain security company in the world. With a background in software engineering, and a desire for DeFi, Minzhi has built upon his skillset to become a Security Engineer with CertiK!

Below, Minzhi shares a day in the life, alongside his background, interests, and more.

Q: Who are you? How did you start your career?

I am Minzhi He. I joined CertiK in March 2020. I majored in cybersecurity, and I first got exposed to blockchain technology in one of my Master’s courses. I joined CertiK after graduation. I did some pentest work for mobile and web applications at CertiK, and recently I began working on smart contract audits.

Q: Why did you want to become a security engineer?

I did not know that I was going to be a security engineer when I was young. In my undergrad, I majored in software engineering. I learned some coding skills, some basic knowledge about networks and operating systems, and I took some internships in software engineering but I didn’t really like it. So I thought maybe I could make a little bit of a change. I thought being able to control something without even physically accessing it is so cool to me. So, I thought why not give it a shot and try to pursue a career in cybersecurity. I learned a lot about cybersecurity and penetration testing, and became a security engineer.

Q: What does your daily work schedule look like?

Read Twitter, news, etc. to find out if a new hack/rug pull has occurred.

Read and respond to all communications with the team.

Audit smart contracts/pentest applications.

Discuss with teammates the issues we found.

Write reports.

Communicate with clients.

Q: What are some of your challenges and accomplishments?

When I first joined the company, I had basic knowledge of general cybersecurity/pentesting, but I had very little knowledge in terms of cybersecurity in blockchain. I was kind of intimidated. It was difficult for me to fully understand what the smart contract was trying to accomplish at first. During my work, I was able to learn more about blockchain technology. When I did pentest on dApps, I was able to get familiar with the functionality of a DeFi project. Gradually, I was able to read Solidity code, find issues inside contracts, and audit a project.

One of the challenges I met was analyzing DeFi hacks. When I did this for the first time, I had very little experience in contract auditing. It was difficult for me to understand how the attack happened even though I knew which line of code was the root cause. My teammates and I spent a lot of time on this; we were able to understand what actually happened, and we wrote an analysis on that. After a few incidents, I became more familiar with that, and I was able to do the analysis more efficiently.

Q: What do you do in your spare time?

Read blogs/Twitter about the DeFi space, understand the principle of popular projects, learn about recent hacks, play video games, and play board games.

Official Website: https://certik.io