It’s been 16 exciting years in the field of Information Security. I vividly remember the initial days of engineering, when I wanted to pursue mechanical engineering and then incidentally bumped into computer science & engineering. Back then, the two books that came close to Marvel comics stories were the networking and infrastructure books by William Stallings and Tanenbaum, a fascination that has stayed on through my career.

Very soon, I learnt about the IT world from the business application-development and infrastructure-support industry, which called for a secure technology & operations focused framework. It has been a tremendous learning experience to see how security is an integral part of the technology world, wherever information and data are present. The technology revolution has brought in newer areas like virtualization, cloud, DevOps, IoT, blockchain and Industry 4.0. With that, we have an ever-evolving, multi-dimensional attack surface, with newer threats to deal with every day - not to mention that, at this point, we are in the middle of a 'never known threat landscape' induced by the Covid-19 pandemic.

My role through the years has been in the capacity of a security risk advisor, working in a team of experts, for businesses in various industries. This includes understanding businesses and how IT systems, applications & resources enable them – and identifying weaknesses in such areas that might lead to larger business impacts & risks. I have been part of a few security transformation programs, to advise and help clients improve their security maturity, in terms of how their systems and resources are secured. This serves the larger objective of ensuring that business risks are mitigated. Such businesses have moved from technologies like Storage Area Networks to Cloud-based Storage, from Managed Data Centers to Cloud-hosted Systems, from ERPs to Cloud-based systems varying from resource planning, procurement and customer support to benefits processing and more! Not to leave out the e-Commerce companies running their business over the Internet and Web Portals. And this day, as I am writing, the whole world is running businesses and operations over the internet and web portals.

Over the years, the whole range of security exposure has shifted from breaches and attacks using malware or Trojans to completely thwarting businesses by running Distributed Denial of Service (DDoS) attacks on their Cloud-hosted applications! The ways of attacks and hacks have evolved manifold as well. When I started, hackers used to look for financial information, meaningful records or, maybe, customer information to steal and use for specific gains.

Today, things are quite different – hackers send credible-looking emails (phishing) to employees of target organizations to “phish” for meaningful information, and the information gathered can then be used for multiple purposes, including passing illicit financial transactions, gathering credentials and stealing data, and publishing personal data on unintended forums – not to mention the regulations that have come up in the past few years to levy heavy-duty penalties. As the world today is fighting Covid-19, the cybersecurity army is on its toes combating the hackers foraying into a whole new set of breaches and attacks, due to the internet-dependent information dissemination, the high volume of business transactions over the internet and the new work-from-home way.

There is an evolution of skills required in cybersecurity. Besides having security basics in place, it demands deep analytical, problem-solving and technology know-how too. Cybersecurity professionals have never had as varied a range of opportunities as now – and more so, there is a need for an enhanced diversity ratio. More diversity practitioners are needed, to bring in unique strength vectors and bridge the skills gap.

As in the Marvel Comics, we need Captain Americas with their protective Shields, Iron Men with their AI-driven predictive intelligence to perceive threats, and Ant Men who can run as micro agents to stop the new-age breaches and attacks. There is an entire breed of ‘Thanos’ thriving in this virtualized technology world now – and the cybersecurity Avengers are required to assemble and be ready for the “Infinity War” – this time to Win!