Pursue a Career in Cybersecurity and Protect Those You Care About
26th October 2023
The October 2023 edition of Chartered Institute of Information Security Pulse magazine is now available to members, and I’m delighted to have contributed another article to their publication.
October's theme is inspiring the next generation of cyber professionals, and so I've written an editorial encouraging readers to consider a career in this field. You don't need to be a technical expert to get a foothold in the industry, and the skills you'll learn will help you to better protect your friends and family as well as the people you work with.
Pursue a Career in Cybersecurity and Protect Those You Care About
Technology is omnipresent. Whether we’re purchasing goods with a contactless debit card or sending emails to friends halfway around the world, we’re reliant upon well-maintained, secure and highly available systems to transmit messages, currency and other sensitive data. Yet despite the many conveniences this exciting digital age bestows upon us, we do face numerous challenges, especially when it comes to cybersecurity.
With so many facets of our day-to-day lives moving online, I’m sure you’ll know someone - a co-worker, a friend or a family member - who has fallen victim to a cyber attack. Regardless of whether it was a social engineering campaign, a phishing email, ransomware or financial fraud, the emotional distress, knocks to confidence, and distrust in the online world that follow can be devastating.
So, what if I told you that you’ve got it within you to better prepare and protect your loved ones from such threats in the future? By embracing a security-first mindset and pursuing a diverse and exciting career in cybersecurity you’ll not only develop the necessary skills and technical prowess to do just that, but you can go on to better protect, secure and defend systems that thousands - if not millions - of people have come to rely upon.
The road to becoming a cybersecurity professional isn’t always a straight one, and you needn’t be a technical wizard to get started either. So what if you’re not the next Elliot Alderson or Thomas (Neo) Anderson? People from all walks of life can move into this fascinating field. Naturally, those of you who already have a deep understanding of networking, server administration, virtualisation and systems security have inroads, but companies looking to maintain a mature cybersecurity posture require so much more than hardened firewalls and off-site backups.
Do you have an eye for detail? Perhaps you could work in incident response. Companies big and small need people like you to analyse data and triage alerts, looking for patterns and indicators that could highlight that something mightn’t be right. Are you a writer or a good communicator? The industry needs people who can articulate information in clear and concise ways, catering for a wide variety of different audiences, to deliver strategy updates and change. Perhaps you like to tinker and experiment with technology? Well there’s a demand for you too, securely linking disparate systems together and automating processes to improve accuracy and reduce risk. Alternatively, perhaps you’ll find your calling as a penetration tester?
Regardless of the route you take, there’s a good chance your employer’s pre-existing IT and cybersecurity teams will hold - or be working towards - a cybersecurity framework or standard. In the United Kingdom a popular choice for many organisations is the Government-backed Cyber Essentials scheme, which helps companies put in place basic technical controls to protect against cyber attack. ISO 27001 stands out as another popular choice, serving as a robust standard for effectively managing information security. Then there’s the NIST Cybersecurity Framework with its five functions - Identify, Protect, Detect, Respond, and Recover - for managing and maturing cybersecurity postures over time.
As a cybersecurity professional who works with these frameworks, standards and guidelines you’ll begin to build an in-depth understanding of various best practices and security measures. You’ll gain the necessary expertise to identify vulnerabilities in computer systems, network design, and operational processes. More importantly you’ll become equipped to propose viable improvements and remediation strategies for addressing these weaknesses. You may find yourself invited to help design, underwrite, and implement better security controls that’ll harden end-user devices, protect data flow, prevent data loss, and so much more.
But how does all of this translate into protecting your friends and family? After all, it’s unlikely they’ll have servers in the garage or giant databases full of data. In my opinion it doesn’t matter whether it’s a FTSE 100 company we’re talking about here, or your own Mum and Dad. A successful phish is still a phish, and there are usually dire consequences for the victims.
Take a moment to think about what devices you have at home, whether that’s a mobile phone, the kids’ games console or even the TV in the living room. Most of these devices run firmware or complex operating systems that can be exploited through active vulnerabilities. Are these devices all up to date? Are automatic updates enabled? Does your parents’ laptop have a modern firewall and endpoint protection installed on it right now? It’s worth taking some time to audit their security posture and propose changes if necessary.
What about your home network? There’s a good chance you’ve got WiFi, but who has the password? Do you let anyone connect to it, or only your family members? Some routers have the ability to provide a guest network, which keeps friends’ and visitors’ devices segregated from your family’s. Does yours? If so, do you make use of it?
Once you’ve taken stock of the equipment at home and ensured a good level of foundational security there, have a think about your friends’ and family’s approach to security. Do they share credentials with others? Have you noticed them using the same password for everything? Are their accounts secured with multi-factor authentication? If you’re unsure, just ask the question the next time you spend time with them. Offer some friendly advice and highlight how making these small changes can significantly enhance their overall safety online.
Now, take a moment to recall the person from earlier who fell victim to a cyber attack. With your sharpened skills you could extend a helping hand and educate them on social engineering techniques and how to recognise suspicious emails, messages and links. By having these discussions you’ll quickly position yourself as a trustworthy, knowledgeable resource; someone they can turn to in the future if they’re ever unsure about an unsolicited phone call, or an email offer that looks too good to be true.
If you hadn’t considered it before, I urge you to contemplate stepping into the world of cybersecurity. Not just for the challenges but for the greater purpose it serves. It isn’t a walk in the park. The field is constantly evolving, and defenders like us must strive to stay ahead of the criminals, the bad actors, and the tools and techniques they use to target the people we care about. The satisfaction of thwarting a cyber threat, however, and knowing you were able to play a part in stopping one of these attacks is incredibly rewarding. So join us in this noble endeavour, why don’t you, and help nurture a security-first mindset into the hearts and minds of everyone you hold dear. We’ll be all the better for it.