Cyber security is a mindset, not just a set of tools and technologies
This article was originally published by Tech UK.
Miguel, Head of Cloud & Security Services at CDS, shares his experience of working in Cyber and Cloud for some of the UK’s most important digital properties.
Do you think of the internet as a dangerous and risky place or one that is stable and secure? For the most part, you and I can get the things we want to get done - right? Like our banking, grocery shopping, taxing our vehicles, or playing our favourite games. I actually can’t think of the last time a website or app I wanted to use wasn’t immediately ‘available’… can you?
So, it may surprise you to know that all these applications, whether websites or mobile apps, are under attack all the time… and at a scale that you wouldn’t believe. One of the sites we built and manage received a DDoS attack last year that saw a ‘very significant’ volume of malicious traffic to it in a very short space of time. Our stance on security, and our technology partners Cloudflare, meant that we saw no impact to service. Cloudflare’s approach to DDoS mitigation has seen them automatically detect and mitigate some of the largest attacks on record, including one recently that saw 15.3mn requests per second!
So where do these attacks come from? And how are these people able to leverage so much power and so many resources to launch them? What vectors might they use for their attack? And if they did get in, what would YOU do about it?
These are the questions that I ask myself all the time. They are also the questions I ask potential members of my team, and the way they answer them tells me an awful lot about whether they have the right mindset to be a success in the world of cyber.
Because cyber security is a mindset. Yes, there are skills required of course, but cyber is really a way of being and thinking that puts security and the idea of security at the heart of everything you do. It’s made up of equal parts curiosity, paranoia, intrigue, creativity and bloody-mindedness.
Contrary to what you might think, a career in cyber security is open to anyone who ‘just won’t leave it alone’, anyone who has ever felt compelled to finish a task just because they’ve started it, and anyone who has ruined a magician’s act, because you KNEW the card you picked was up their sleeve all the time…
To put this in more business terms, if you are naturally good at solving problems, love a mystery, understand how to work with and manage stakeholders and are handy with technology, then a career in cyber could be for you – no matter where you are today. There’s no ONE route – you don’t need to have graduated with a cyber security degree; some of the most successful people I know in cyber have gravitated into their roles from being previously in IT service delivery, infrastructure and software development roles. It’s really the mindset that’s important, not the route.
If you feel like this might be you, what can you do to get yourself into a career in cyber? Here are some of the pieces of advice I give anyone thinking about a career or a pivot into cyber:
1. Follow your natural curiosity. Some of the most talented cyber folk I know are just naturally curious. They want to know how things work, unpick the attack step-by-step and develop a better understanding of its impact to prevent similar attacks in the future.
2. Build your knowledge. There are some amazing resources online and some highly skilled cyber ‘influencers’ that talk about the craft, sharing their experiences of emerging threats and security stances. Training is really important too. Take on as much of it as you can. Many of the big cyber software organisations have free training available on their tools - so start there.
3. Grow your experience. There is no substitute for being in the heat of an attack and doing your best work while the client is on one line, and the TV news is on in the corner reporting on your attack live - as you’re dealing with it. This is a unique and ‘stimulating’ experience. However, you don’t need to start there (and let’s hope you don’t have to…). You could start working with a security company doing penetration testing, either as the tester or in a role at a client organisation that’s needing a test completed, perhaps as part of the IT team. Cloud/infrastructure engineers also naturally have to take a proactive stance on security. Your experience of understanding the real-life application of what you have learned is invaluable.
4. Keep learning. The cyber threat landscape is changing all the time and new vectors for attack are constantly evolving. In fact, they evolve as fast as our ways of working and technology improve! Consequently, your knowledge needs to be as current as it can be, and as far as possible ahead of those threats. Let your thirst for knowledge be as strong as your natural curiosity!
I have loved my 20+ years in technology. It is a rich and stimulating world that is constantly changing and refreshing. The industry needs good people from anywhere and everywhere to bring new perspectives and new approaches to keep organisations and their digital products safe today and into the future, so if you think this sounds like you, please get in touch. We’re always interested to hear from good people.
And if you’re just getting started and aren’t sure what to do next, maybe you’re not happy with your security posture or are worried that you don’t have the resources to give you the security you need - please book an appointment with one of our consultants and we will do what we can to help.