Sang Young, a partner at SecuriTech Solutions, is one of the first IT specialists in Hong Kong to focus on security in IT. Having started his career in IT security back in 1999, he thinks the demand for security in the city has never been higher. 

As an IT security consultant, Young’s main duty is to provide IT audits for clients, who range mainly from government departments to commercial firms.

“In the past, having strong IT security was not a priority for companies since it did not generate revenue directly. Now, people are more aware of protecting personal data. Businesses need to demonstrate to consumers that they can prevent their personal information from leaking, to win them over,” he says.

IT auditing is the process that helps a corporate evaluate the efficiency, effectiveness and security level of its IT system. It is a long and tedious process that can last for months or up to more than a year, depending on the size of the firm and the complexity of its system. 

“The first step is to have an interview with the client. I will talk to the head of the IT department and other IT staff to find out the challenges they are having with the system,” says Young.

Sometimes the collecting of data has to take place at weekends to minimise the impact on company operations. “For example, when we are to collect data regarding the security of a company’s website, we have to do it over the weekend when there is less traffic so the operation of the website is not affected,” Young explains.

The data collected will be analysed and the consultant is responsible for providing a report to the client. “Presenting the report is not an easy job. In most cases, your audience are top management who may not have an IT background. It requires strong communication skills to explain the situation in language that can be understood by a layman,” Young says.

It is up to the clients to decide what measures to take to improve their IT system. “We provide a consulting service only. There would be a conflict of interest if we were to offer software and devices to improve the system,” adds Young.

Another branch of IT auditing involves helping companies evaluate their new IT security systems. “Some companies have their own IT department to work on security. After they have installed a new system, they will employ a consultant like us to rate its efficiency and effectiveness,” Young says.

Since IT security is becoming a more important function in business operations, Young expects a bright future for the field.

 “People who are interested in joining should equip themselves with certificates such as IT security. Web security is one of the most sought-after services in the sector. Having a knowledge of the area is a definite advantage,” he says.