Bootcamp Reflections - Cyber Security Technician Part 1 (Unit 4)

USo it’s been a brilliant and insightful week learning all about cyber security with Bob from the Specialists Hub with lots of useful and practical knowledge to take away. It’s also becoming increasingly clear to me just how important being cyber aware is in the matrix of modern day technology and devices designed to, in theory, make our lives much easier. The volumes and range of cyber attacks is shocking and has certainly been an eye-opener for me. Although I’ve had some cyber security awareness training in previous administrative roles, I wasn't too knowledgeable about the whole range of attacks possible prior to this course. So far, the unit so far has increased my understanding of just how important it is to be aware of the different cyber attacks no matter what industry you are in, as well as what we can do to best defend against them, especially since attacks and technologies are evolving and changing all the time.

During the first couple of days, we covered a whole host of key cyber security definitions which I expect will be an invaluable reference point as we prepare for our cyber security report and formal online examination next week. It was interesting to consider the relationship between assets, threats, and vulnerabilities and how we can use classification diagrams or tables to determine criticality for key business functions, from low, medium, to high risk. In our breakout rooms we explored an allocated case study of a large-scale cyber attack to identify the threat, vulnerability, and impacts. Our group explored and discussed the shocking Ashley Madison data breach case which shows just how far reaching and damaging cyber crime can be, not just from a company point of view but also how it can ruin the lives of individuals.

On day three we learnt all about network infrastructure and how systems and devices in networks work together, as well identifying what types of vulnerabilities they can have and how we can protect them. We also had interesting discussions about the legality of NSO Pegasus Spyware which seems a bit of a grey area in terms of issues like legality and ethics. It’s become clear that no system or software is perfect, but everyone needs to be cyber aware to know how they can protect and look after all of their devices, particular when it comes to the ever-growing connectedness of our devices or the Internet of Things.?In my own time for our guided homework activity, I explored the use of VPNs, looking at how these work and examining just how secure these really are. It does seem to be the case that using VPNs seems to be better than not using them, particularly for remote working, but can still have their limitations and disadvantages.

On day four we explored various regulations, legislation, certifications, and standards or testing organisations focused on cyber security and protection, including analysing through group discussion government guidance, minimum standards documentation, and a detailed look at US-based National Institute of Standards and Technology (NIST) and the UK-based National Cyber Security Centre (NCSC). I was particularly impressed by the NSCC incident response function and level of support. We also looked at the roles of individuals and considered what responsibilities and obligations we would need to follow as potential cyber security employees including data protection laws like GDPR.

Today, the final day of week 1, we explored the various controls that organisations can implement to protect their organisations from cyber attacks, including physical, procedural, and technical. Many of these rang a bell from my years of working in administration. For instance, I'm used to having a staff ID, unique staff log in, swipe card access for staff areas, and set permissions to administrative files. It was particularly interesting to learn about more the technical controls we can employ, and I look forward to learning more about network controls next week.

Although cyber security might not be the pathway that I necessarily pursue (but you never know!), it is clear in my mind just how important it is these days for all individuals to be cyber aware and to know how to protect their devices, and this applies in whatever industry I end up working in. It's also made me think more about the important of learning to code properly for the web if I ever decide to get more involved in web development/design, with their being many loopholes that cyber criminals can try to invade. Although designers might look after the key design aspects of a websites, they also need to know what cyber security features to incorporate into good website design to ensure the front-door of a website is secure. I look forward to reading more about how designers might do this as I explore this topic further in my own time when I revisit HMTL/CSS from Unit 1 Programming.

To be continued...