Code Savvy Presents: Cybersecurity

October is Cybersecurity Awareness Month. To honor the industry that keeps us and our data safe, we interviewed two of the top security officers at US Bank to learn more about the industry and what types of opportunities are available for those interested in a cybersecurity career.

To learn even more, check out this blog post by long-time IT Executive and MBA, Anja Bennis:

ARE YOU MEANT FOR THE WORLD OF CYBERSECURITY?

Cybersecurity is a very exciting field to get into! Even if you are not sure you are a “computer person” or a “math person,” there are a myriad of careers for all types of people interested in keeping the citizens of this country and their data safe.

Cybersecurity is the department within companies or hired by companies to protect their computer systems/networks and keep their data safe. This is not just from external attackers but also from how data streams in and out of an organization. Employees make sure that every person within the organization has the information they need to do their jobs and at the same time prevent the exploitation of customer data.

Sometimes careers are located in large data centers and some are even needed by the US Government.

With a position in Cybersecurity, you will:

• Learn how multiple areas of an organization work

• Meet people from multiple departments within the organization

• Open yourself up to multiple careers in many functional areas

• Have a position that is often high-paying and in-demand

• Gain opportunities for your employer to pay for additional certifications

• Be surrounded by the very interesting things happening in this industry. It is fast-paced and there is always something new to learn.

Here are some general tips for keeping your own data safe (a good place to start before you become a cybersecurity professional):

• Keep your software up-to-date

• Avoid opening suspicious-looking emails – Remember, a bank will not ask you to send account numbers

• Check your links before you click - Hover over the link before you click and the destination should show up

• Don’t be lazy with your passwords - a different one for every account

• Disable Bluetooth when you are not using it

• Remove adware or apps you are not using

• Good phone hygiene - keep apps up to date

• Double-check for the HTTPS - the “S” means the site’s security certificate is up to date

• Don’t store important information in non-secure places

• Avoid using public networks

• Use encrypted connections (VPNs) whenever possible

• Backup your data in multiple places, including the cloud

• Train others

If you’re seriously considering getting into the cybersecurity field, here are some skills you can hone that will make you stand out as a candidate:

KNOWLEDGE OF DEVICES

Are you familiar with multiple devices? Do you have basic computer skills? Cybersecurity is not just computers and data centers. It is phones, tablets, cars, pacemakers, power plants - anything with a computer in it---which nowadays could be anything and is protected depending on the severity of the consequences. Learn about them! Ask to see them! Fiddle with them! Read the manual! No really, read the manual. Not cover-to-cover, but flip through it. They are almost all online for free. You may be surprised, devices can actually be even more exciting than advertised, especially when they make your life easier.

KNOWLEDGE OF HOW DEVICES WORK TOGETHER

Attackers look for the weakest point of a system. Computer systems communicate and pass data between one another. Learn how to read a network map, and pick up some basic concepts of networking and web services, which is how information transmits from one system to another. It’s been said that Amazon Web Services is Amazon’s most profitable area, more than their books or consumer goods. Start paying attention to how things work together.

A part of keeping your personal phone secure is both keeping your applications updated and updating your password to a secure multi-letter number password every few months. Things are no different in larger IT departments. Some entry-level Cybersecurity positions include coordinating this type of work.

BE ORGANIZED

This type of work involves keeping multiple spreadsheets, databases, and systems updated and a difference in a version can be a very big, costly deal. You may be sending multiple lists to multiple people. It is important to be organized and precise. Learn a program like GitHub for version control and collaborative documentation.

SOCIAL SKILLS

Early in your career, you will likely be doing less “white-hat hacking” or “criminal protecting” involving computer skills and will likely have more social interaction. A big benefit of Cybersecurity is all the people you get to meet. Even if you find out Cybersecurity does not work for you, you may have exposure to places within the organization where you can learn what all of the other jobs are and what the people are like. Even if these are not your forever jobs, they are great for building a base of knowledge for the rest of your career. Understanding how a major function of an organization like information technology works, as well as finding your place or moving up.

An example of an entry-level task would be asking managers to double-check or attest, their employees’ access to their systems. Because these managers are typically too busy to care about a password change, or to respond to your emails, it is imperative to learn how to communicate succinctly and effectively to get the information you need. Honing these skills in an entry-level cybersecurity position will serve you well no matter if you stay in IT or end up in another department altogether.

LEARN THE LANGUAGE

Every field has its own language and Cybersecurity is no different. Learn it. Learn the terms. It does not cost money. This could even be as simple as putting on podcasts while you do your chores until you feel more comfortable conversing. Don’t be intimidated by symbols and specific names for bugs. Those specific bugs will come and go, but core terms will keep you in the game.

Some examples of core terms:

• Red Team - A team of mock attackers (typically employees) who are testing methods of breaking through barriers

• Blue Team - A team of defenders that attempt to stop and block the efforts of the red team.

• White Team - A team of neutral observers that monitor and ensure that the blue team is working within the rules that have been established when defending the domain.

• Encryption - The process of transforming plaintext into ciphertext.

• Firewall - A hardware or software device or program that limits network traffic according to a set of rules about what access is and is not allowed or authorized.

Here’s a comprehensive list of other cybersecurity terms to familiarize yourself with:

https://niccs.cisa.gov/cybersecurity-career-resources/glossary

LEARN TO WRITE

This advice is out there so much, it is really easy to glaze over, but it is the most important. Don’t glaze over! You may feel that you have written quite a bit already in school or other jobs, but learning to communicate in the language of the industry is important. No matter how well you write, there is always more to learn. It’s always best to learn how to write in the very specific business area that you are looking at. Another fun idea is to think back to the last time someone gave you good customer service and write them a note. Over time, you will become a better writer, and there is a very good chance that might land you a raise. You may not have a Cybersecurity job yet, but if you end up being a better communicator in general, that’s always a good thing.

Being good at cybersecurity means you are inquisitive, innovative, able to think in expansive ways, and are a good communicator. If any of that sounds interesting, you may just find your niche in security operations.