Daily Bulletin

The Conversation

  • Written by Joanne Hall, Lecturer in Mathematics and Cybersecurity, RMIT University
What skills does a cybersecurity professional need?

Cyber crime is a threat to every organisation that operates internet-connected devices. It’s highly profitable, highly disruptive, and hard to police due to the transnational nature of cyberspace.

Incidences of cyber crime might include fraud, identity theft or privacy breaches, which can have a high personal impact. Ransomware, which locks a system and demands payment, can have widespread economic or healthcare implications.

In the past year, 25% of the Australian adult population was impacted by cyber crime. If we want a robust and resilient society, we need cybersecurity professionals defending every organisation from cyber attack.

Cybersecurity professionals might work in software development, network testing, incident response, or policy development to ensure the security of an organisation.

In popular culture, these experts are often portrayed as lone hackers in hoodies. But in reality, cybersecurity professionals must regularly communicate with a variety of audiences. They must also display a high degree of personal integrity.

Read more: What teenagers need to know about cybersecurity

What cybersecurity professionals do

To ensure our cybersecurity classes are teaching skills relevant to industry, we consult with security professionals about the skills they are looking for.

As well as technical skills, they tell us they want those they hire to have communication skills, work well in teams, and show empathy and integrity.

The following scenarios show what cybersecurity professionals do on a daily basis. (Names and details have been changed.)

Ensuring systems are compliant

Anna is a software developer for an online retailer. She notices that one of their systems is processing credit card transactions in a way that does not comply with the Payment Card Industry Standards.

The technical project leader does not understand the legal jargon of the PCI standard. The business and legal staff do not understand the software processes behind credit card transactions.

It’s Anna’s job to bring together technical, legal, and business operations staff to discuss the resources required to fix this problem.

Identifying vulnerabilities

Basim is a security specialist working for a consulting company. His team has been contracted by a superannuation fund to conduct a simulated attack on the fund’s network.

Basim’s team grabs a round of coffees and sits around the whiteboard to develop a plan. That afternoon they find a way to change the password of every customer, using a commonly known vulnerability.

Basim immediately calls the super fund to notify them of the dangerous vulnerability. He then spends the rest of the afternoon working with the super fund’s IT team to begin to fix the issue.

The team continues with the simulated attack for three more days and finds a few (less urgent) vulnerabilities. The team collates the attack notes and writes a comprehensive report. The next day Basim hands over the report and delivers a presentation to key members of the super fund.

Read more: Some cybersecurity apps could be worse for privacy than nothing at all

Monitoring and responding to attacks

Chiyo works in the Security Operations Centre of a university. Her team has set up monitoring systems that alert them to any malicious software (malware) on the university network.

The monitoring system alerts her to some unusual activity with a staff email account, and automatically disables that account. She investigates and finds that a staff member has opened an email attachment containing malware.

Chiyo calls the staff member to notify them that their account has been disabled and discusses the process to regain access. A member of Chiyo’s team configures the email filter and firewall to block the source of malware.

Meanwhile Chiyo walks over to the staff member’s office and erases all data on the infected computer. She then works with the staff member to reinstate the email account, set up software, and retrieve documents from backup storage.

Preventing data breaches

Dimitry works in the cyber security team for a government department. His team is asked to analyse the policies, procedures, and structures of the department to look for risks to citizens’ privacy. He discusses the current laws and best practices with a colleague from the Office of the Australian Information Commissioner.

Dimitry’s team identifies five processes where there is a high risk for personal data to be leaked. They analyse each process, determine the likelihood of each type of problem, and examine the possible outcomes of each risk scenario. Dimitry develops a plan and budget to reduce each of the risks. He presents a report to the Minister and the Department Secretary.

The Department Secretary determines that there is a strong case to implement the plan for two of the risky procedures immediately. The other three risky procedures are deemed low-priority, and will be re-examined in six months’ time. Dimitry sets up a team to implement the remediation plan.

Read more: It's time for governments to help their citizens deal with cybersecurity

Integrity and communications skills are essential

These scenarios highlight that, in addition to their technical skills, cybersecurity professionals need to work in teams and communicate with a variety of people.

In each case, the security professional had access to information that could easily be sold on the black market, or exploited for personal gain. Anna could have stolen credit card details. Basim’s team knew about some vulnerabilities three days before they informed the super fund. Chiyo had access to a staff member’s entire email history. Dimitry knows about three vulnerable processes that will not be changed for six months.

Personal integrity is crucial to maintain the security of these highly sensitive systems.

Communication with non-technical staff is essential to ensuring that best practice is implemented across an organisation. A strong ethical framework is an absolute necessity for security staff. The best technical staff will only build a safer organisation if their communication skills are strong and their personal integrity is unwavering.

Authors: Joanne Hall, Lecturer in Mathematics and Cybersecurity, RMIT University

Read more http://theconversation.com/what-skills-does-a-cybersecurity-professional-need-106521


The Conversation



Today I announce the creation of a new National COVID-19 Coordination Commission (NCCC) that will coordinate advice to the Australian Government on actions to anticipate and mitigate the economic ...

Scott Morrison - avatar Scott Morrison

Prime Minister's interview with Alan Jones

ALAN JONES: Prime Minister, good morning.    PRIME MINISTER: Good morning, Alan.   JONES: Prime Minister, there are lots of ups and downs in your job, but you couldn't be anything but disappointed...

Scott Morrison and Alan Jones - avatar Scott Morrison and Alan Jones

Minister Littleproud Chris Kenny interview

Chris Kenny Sky Interview   CHRIS KENNY: Now as we speak Federal Cabinet is meeting yet again considering more measures on the economy and to prevent the spread of this pandemic. So just before th...

Daily Bulletin - avatar Daily Bulletin

Business News

5 Reasons Businesses Need An Excellent Content Marketer

First off what is a content marketer? Well, a content marketer is somebody responsible for the constant creation of visual, video, and written content for your brand. They should be somebody that ha...

Jake Patterson - avatar Jake Patterson

Australians Access Free Workforce and Collaboration Tools

Supporting Australian businesses with free access to crucial business services during the COVID-19 pandemic, the Australian Business Continuity site has seen over 14,000 visitors accessing the r...

Thrive PR - avatar Thrive PR

Taxes for Sports Betting in Australia

The gambling tax regulation varies from one country to the other. Australia ranks highest in terms of gambling. Over 80% of Australians are engaging in gambling of some type or the other. It is incl...

News Company - avatar News Company


News Company Media Core

Content & Technology Connecting Global Audiences

More Information - Less Opinion