Version 1’s Sat Gainda believes that no individual is off limits from attackers and security should be a part of everyone’s role.
Sat Gainda is the AWS practice lead for the UK and Ireland at Irish IT company Version 1. He has many years of experience in cybersecurity working with open-source, bespoke and commercial off-the-shelf technologies that reside either in traditional data centres or in multi-cloud environments.
Gainda’s experience spans a range of industries including finance, government and manufacturing and he currently holds a number of globally recognised security certifications.
He also spends some of his time sharing his knowledge with the wider tech community through white papers, articles, blogs and by giving talks.
‘Attackers are innovative and attempting to stay ahead of them is challenging’
– SAT GAINDA
What does a career in cybersecurity look like right now?
The demand for cybersecurity professionals is at an all-time high. Any sector that has a technology presence is in need of people with cybersecurity skills. The recent Covid-19 pandemic has led to more people working in remote locations and thereby increasing the organisational network perimeter and attack area.
Careers in cybersecurity are varied and can include security administrators, DevSecOps engineers, consultants, analysts, developers, penetration tests, architects and chief information security officers.
Ensuring that you have experience, are trained and have certifications will aid you in your career. Making vertical or lateral movements to these roles can be fast, it all depends on the individual’s willingness to make that step.
What role does cybersecurity play in tech roles nowadays?
At Version 1, we consider cybersecurity to be everyone’s role. The entire organisation plays a part. No individual is off limits from attackers, so we need to ensure that we undertake mandatory training and have a heightened level of awareness when it comes to cybersecurity threats. It is critical that our customers’ people, data and workloads are protected from attacks whether they be external or internal.
All tech roles, whether they have the phrase ‘cybersecurity’ or ‘security’ in them or not, should have an element of cybersecurity in their day-to-day activities. If the role involves making configuration, changes, designing or coordinating projects, the first question that should be asked is, “What are the security implications of change or inertia?”
By ensuring that all tech roles have an element of cybersecurity, everyone participates. Regular and mandatory training will ensure that people have a culture of security within their organisations, which extends out to their customers and third parties.
All organisations need to have a clearly communicated cybersecurity strategy that people should be familiar with. This facilitates decision making for tech people and allows them to follow the cybersecurity direction and gives directions for cybersecurity escalation and reporting paths.
What technical skills do cybersecurity professionals need right now?
The fundamental skill to have is cybersecurity awareness, which will allow people to get into the minds of attackers and understand the techniques they use to carry out malicious activities. Following on from this, an understanding of operating systems (Linux distros and Windows), networking and cloud services is key.
The role of specific cybersecurity services such as anti-virus, firewalls, patching, WAFs, intrusion detection and anomaly reporting all play a part and should be fed into a centralised operations or security operations capability within an organisation.
That means knowing how the pieces of the puzzle all fit together to form a technical organisational estate from a high-level architectural view that will aid professionals to understand areas of strength and areas that require fortification.
Having knowledge of Linux and Windows scripting languages such as Bash and PowerShell will help professionals navigate around the most common operating systems. Tying this in with other scripting and programming languages such as Python, Java or Perl will give cybersecurity professionals an advantage and an essential foundation of technology and cybersecurity.
Taking platform-agnostic certifications will make cybersecurity professionals more well rounded and enable them to learn about cybersecurity in a holistic manner.
Some notable certifications are:
- CompTIA Security+: An entry-level certification that can set a technical professional on their way into the cybersecurity field
- EC-Council Certified Ethical Hacker (CEH): By working towards this certification, the individual will learn about the penetration ‘tools of trade’ which modern attackers use to gain unauthorised access
- CISSP: One of the most widely recognised certifications in cybersecurity, which covers all a number of domains such as security and risk management, asset security and security engineering
Domain-specific certifications are also very useful. The AWS Certified Security – Specialty Certification covers general cybersecurity concepts as well as drilling down to ensure the professional understands how cybersecurity applies to AWS services.
What are the biggest cybersecurity challenges facing those working in tech right now?
Keeping on top of the cybersecurity landscape. Information is vast and can be overwhelming. Technology is a vast subject area and cybersecurity is infinitely as vast.
Attackers are innovative and attempting to stay ahead of them is challenging. This is why it’s important for a professional to keep their knowledge current, whether it be formal training, certifications, learning on the job, reading or listening to podcasts. By continually learning and applying best practices, professionals will keep up with the field.
With the innumerable opportunities in cybersecurity, it really is up to the professional to shape their career. Taking a structured approach to learning, experience and taking their career into their own hands will allow them to thrive.
10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.