Although, he’s a well known speaker, Microsoft MVP, fiction author and Trainer, Andy Malone wanted to share some tips and advice on how he got started in the Cybersecurity space. So we asked him 6 simple questions. Feel free to feedback and share any tips you might have. Andy can be seen later in the year in Orlando at Microsoft Ignite and in Amsterdam for The Cybercrime Security Forum Europe 2018.You can also visit Andys Twitter page @AndyMTipalone.
Q1: If there is one myth that you could debunk in cybersecurity, what would it be?
The one myth that I hold dear is that hackers are shady cyber criminals who live in the shadows and do the most damage. The sad truth however, in most cases, hackers are opportunists. Often script kiddies, malicious employees or ‘wanna be bad guys’ who have got hold of a tool and thought, hey I wonder what this does. Once, having the tasted blood, they then expand their knowledge and arsenal to attack more tempting targets.
Q2: What is one of the biggest bang-for-the-buck actions that an organization can take to improve their cybersecurity posture?
In my humble opinion, the greatest action that an organisation can take to improve its security stance is to move from a traditional defence-based methodology to one that assumes that a breech has already taken place. By assuming that the bad guy has already breeched your network, the focus for the company shifts greatly towards detection and an information protection stance. For example, adopting file classification, rights management, data loss prevention policies and encryption. In principle, even if the bad guy obtains your data, it would be useless to him.
Q3: How is it that cybersecurity spending is increasing but breaches are still happening?
When I think of the technology that we use today, it reminds me of a box of Lego. TCP/IP, basic networking components and most operating systems that are in use today are essentially the same as they were twenty years ago. So, in Lego speak this is essentially the green board that we build our businesses upon. So, although we can add new services, security features and functionality. In many cases the basic flaws still exist thus allowing an experienced hacker to easily circumvent an unpatched system or a poorly managed, weakly secured environment.
Q4: Do you need a college degree or certification to be a cybersecurity professional?
Absolutely not! However, that said I would certainly recommend taking some form of certification exam such as the excellent CompTIA’s Security + certification. It provides a great grounding in Cybersecurity. From there, the sky’s the limit. There is a plethora of security options for you. Firstly however, you should be aware that cybersecurity is an enormous area with many career options, and at some point, you need to pick a lane. Networking, ethical hacking, social engineering, information security, digital forensics, threat detection and response and fraud are all possible career paths. So, have a think about what you’re good at, what drives you. Then take the step forward towards achieving those goals. Don’t worry about attending expensive classes either, there is a wealth of on-line learning opportunities, from hands on labs to video tutorials. You can also easily supplement your knowledge by obtaining self-paced books, free software, trial accounts and demos to supplement your learning goals. Then, when you feel competent simply take the exam. These are hosted through Pearson Vue or Prometric testing centres, and you can now even take a webcam proctored exam at home in your pyjamas.
Q5: How did you get started in the cybersecurity field and what advice would you give to a beginner pursuing a career in cybersecurity?
Too be honest, I have to take my hat off to my Brother in Law, and the author of this book, Marcus Carey. His tales of cybercrime and hacking really inspired me. That was thirteen years ago. Today, I train, consult and speak on various cybersecurity topics all over the world. I’ve become a passionate advocate of good security practices.
Q6: What is your specialty in cybersecurity? How can others gain expertise in your specialty?
Cybersecurity casts a great shadow over business and with so many career options, it’s often difficult to make a clear choice. For me, I have four favourites. Digital forensics, social engineering and identity and access. Of these, I would say that the latter probably takes up a lot of my time. As a Microsoft MVP (Most Valuable Professional) in Cloud & Datacentre I teach and consult a lot in Microsoft cloud technologies including Microsoft Azure and Office 365. At the moment identity convergence is the latest buzz phrase. With so many users still using multiple usernames and passwords, identity federation and single sign on are a hot commodity. If this is an area of interest, then of course you can take the official Microsoft courses. But,if you, like many, have a limited budget there is a wealth of free online materials. Take a look at the excellent Microsoft Virtual Academy (MVA) https://mva.microsoft.com/ Other great resources include YouTube and Microsoft’s excellent document repository https://docs.microsoft.com/en-us/ and not forgetting Microsoft’s Technical Community https://techcommunity.microsoft.com/
Q7: What is your advice for career success when it comes to getting hired, climbing the corporate ladder, or starting a company in cybersecurity?
Top tip! Learn how to not only take advice but also how to take criticism. Being arrogant will never earn you friends and may possibly damage future business relationships. Like, a wise man once said, never burn your bridges behind you. Learn as much as you can, set yourself defined and reachable goals. Never let anyone tell you that you can’t do it. Learn how to widen your business contacts by joining networking groups, as well as learning to get the most out of social media. In terms of starting your own company, don’t be afraid of the challenge. Yes, it may be difficult, but in the end, it will be worth it. When you do finally get there, never forget the little guy, that one employee who stays late, that one guy who’s willing to go that extra mile. A good employee is like a gold bar, precious and definitely worth holding onto.
Q8: What qualities do you believe all highly successful cybersecurity professionals share?
One of my pet hates is being called an “expert”. In my opinion we’re all learners here. Cybersecurity, along with technology is like the old west, and at the moment we’ve only just reached the frontier. It’s a never-ending journey for improvement, and it’s a constant game of chess against an adversary who is attempting to outwit you at every turn. Ultimately though, as in the military world, you may win the odd battle, but ultimately the war rages on. So, for me, qualities would include the passion to succeed, determination, tenacity and the drive to keep your skills updated, which sometime can appear to be a constant and arduous struggle.
Q9: What is the best book or movie that can be used to illustrate cybersecurity challenges?
One of the greatest fears a person can have is the loss of his or her identity. I remember seeing the thriller, The Net with Sandra Bullock who plays a virus and malware researcher. As a consequence of a discovery, suddenly finds that her identity has been compromised. In just a short time, her entire life is turned upside down by a shady organisation of bad guys who are attempting to infiltrate the US Government with a malicious software program called The Gatekeeper. That was a great movie.
Q10: What is your favorite hacker movie?
Oh, this is an easy one for me. The 1983 Matthew Broderick classic, War Games which is about a Seattle based teenager who hacks into the WOPR (War Operations Planned Response). A Top-secret computer that is installed to help avoid the possibility of human error in a nuclear war, of course, things don’t entirely go to plan.
Q11: What are your favorite book(s) for motivation, personal development, or enjoyment?
You know I have to be honest here, I’ve never been one for those types of books. However, in terms inspiring moments. This is something I can share. When I was a kid I left school with nothing and growing up every Thursday I watched an old TV Show called The Paper Chase with an actor called John Houseman. He played an old crusty professor at Harvard law school. He was that guy you thought would be the meanest person in the world, but in the end, he was the kindest and really cared for his students. After leaving school with no qualifications I was inspired to go into further education and eventually earn a degree. I’m sure after reading this, you’ll be able to recall a moment in your life where something similar happened to you. That one person, or a conversation perhaps, and if not then use this as a model. Never let anyone tell you that you can’t be what you want to be, or you can’t do something. These people are basically in your way. You have to move past them and fulfil that dream.
Q12: What is some practical cybersecurity advice you give to people at home in age of social media and the Internet of Things?
There’s no doubt that social media has changed our world, and I’m not convinced it’s for the better either. You just have to lift your head up from your smart phone and realise, holy crap look at that. We’re all addicted to these dam devices. Every single one of us, on trains, airports, at work and even in bed at night we can’t put them down, and you have to ask why? But also, why are we so addicted to social networks?
I think it’s because we all have an innate need to be wanted, be belong to something or someone, and perhaps this is the way the future will be. I certainly hope not. So, my first piece of advice is to detox yourself and your family from social media. In terms of the Internet of Things, treat it like any other technology. Plan for it, understand how it works, investigate its weaknesses and ultimately learn how to protect yourself, your family and your business from any potential variabilities it may have.
Q13: What is a life hack that you’d like to share?
I’m a huge Star Trek fan. I remember an episode of Start Trek: The Next generation called Tapestry. In which Captain Picard is killed and encounters the character Q, played by John DeLancie. Appearing as God, Q listens to Picard’s tales of regret and agrees to give him another chance at life. So, after transporting him backwards to his early days in Starfleet Academy, Picard strives to avoid making the mistakes he made in his youth. But of course, he ends up changing so much that he actually unravels his life and when he’s finally returned to the Enterprise, he’s no longer the Captain. He’s a junior officer. Of course, it all works out in the end, but the lesson here was that in life you have to step forward, you have to get noticed if you want to succeed. Otherwise your life will simply drift. Don’t live with regret, learn from it and move on otherwise it will consume you.
Q14: What is the biggest mistake you’ve ever made and how did you recover from it?
Gosh that’s a tough question, I’ve made a few, and it depends upon if you’re talking about technical mistakes or life mistakes. I guess we’re all guilty of those at some point. The biggest technical mistake I made was not too check that a back-up had been performed at one of my major clients. So, of course when I deleted their database by mistake, there was mayhem. They were crazy mad with me. It took 2 days and nights of hard work to get the data back. In the end it all worked out, and you’ll be surprised to know that they are still a great customer. I can tell you after that experience, I never made that or a similar mistake again.
The post Considered a career in cybersecurity? Andy Malone MVP shares his story appeared first on Collab365 Community.
Read more: collab365.community