Soniya Advant, On the journey for a CISSP
Some things inspire us and have a “wow” effect on us. Some things inspire us and make us wonder more, but some things inspire us and make us take action. I remember giving my first presentation about cell phone viruses and security in 2008 for my intercollege paper presentation competition, and this was the first time I got interested in cyber security. After winning that competition, I started participating in more state- and national-level competitions, going to different colleges to listen to different speakers and reading the latest news about what is going on in this field. All my college and Master’s projects were based on cryptography, antivirus software (mini model development), watermarking, cloud computing in the banking sector and so on. On a personal level, I try to design the models and frameworks which I am sure will be useful for organizations soon. My journey on the cyber security path has just started and I am excited to go further, learn continuously, and be aware of what this cyber world has to provide me.
I can clearly compare the awareness level among people in 2008 and 2017. People and organizations have become much more aware of what content they are making digital and what the consequences could be if tomorrow their data is hacked. Today, when we think of being attacked virtually, what comes to mind are bank passwords, our social security numbers, our production codes (if you are an organization), access control checks, and the list continues. The cybercrimes (‘CC’ I would say) have expanded their horizon to all the industry sectors. According to the ITRC report, the highest level of breaches takes place in the Health and Medical sector, and Hacking/Skimming and Phishing account for around 60% of the total breaches; cyber hygiene is necessary in all sectors. There is nothing that we are not aware of about protecting our assets, yet there is everything that we don’t know about protecting them. The cyber stage is expanding horizontally and vertically. Below is a checklist which could be kept top of mind every day to see if you are safe in this cyber world. These pointers can be a good start either to enter the cyber world or to have a quick checklist of whether you and your team are on the correct cyber track.
- Keep a check on the legal/federal policies and cyber laws of the country in which you are operating.
- Understand the cyber-specific standards and policies within those legal/federal policies.
- Design the cyber security policies for your organization as a whole as well as for the specific business units. (There is a significant difference between cyber security and IT security!!!) Designing IT security policies is not enough.
- It is important to perform risk analysis and identify/implement the safeguards to reduce the vulnerabilities. (This could be done through risk assessment frameworks and methodologies.)
- Understand the cycle of: Threats exploit Vulnerabilities, resulting in Exposures, which are Risks, which can be mitigated by the Safeguards, which protect your Assets, which in turn are endangered by the Threats.
- Physical, Logical and Administrative Controls should be updated and kept track of after specific time intervals.
- Sufficient time and resources should be allotted for designing and implementing Business Continuity planning and Disaster Recovery planning, because investments made now will help to protect you later.
- Data roles and proper awareness trainings play an important role in educating people about the importance of protecting their assets.
- In today’s digitally connected world, focus should be more on securing network architecture, network components and understanding the latest network attacks, because we never know: an attack on one particular industry can be replicated in other industries within no time. Just because your industry is not affected right now does not mean it is safe forever.
- Hire experts/consultants who can help you identify, design and implement a strong cyber security wall around your organization. Every person in the organization should be involved and should contribute to making your organization a safe place to work and a safe place where clients can put their trust.
I hope these pointers will serve as a baseline over which we can build a strong, cyber-protected, digitally connected world.
Magda Lilia Chelly is the Managing Director of Responsible Cyber Pte. by day, and a cyber feminist hacker by night. Magda is the brand ambassador of Peerlyst, one of the strongest InfoSec online communities. She spends most of her time supporting chief information security officers in their cyber security strategy and roadmap. She reviews technical architectures, cloud migrations, and digital transformations. She is continuously raising cyber security awareness and diversity at a global scale.
She is currently based in Singapore, with a global reach through her company in 19 locations worldwide. She speaks five languages fluently, and has a PhD in Telecommunication Engineering with a subsequent specialization in cyber security. She also was recently nominated as global leader of the year at the Women in IT Awards 2017, and TOP 50 cyber security influencer globally.