On Oct. 14, Dr. Paras Arora of Microsoft and Somak Shome of IBM joined Simplilearn for a panel discussion, Expert Tips For A Successful Cyber Security Career Today. Paras and Somak spoke about the current state of cyber security and how to build a career in that field: the skills needed and the responsibilities to fulfill.
Paras currently handles the role of Azure cloud engineering at Microsoft. He was the Director of Cyber Security with PwC in India. With over 13 years of experience, he has enabled Clients to build safe and secure environment for business operations. Within PwC, he led a Payment security competency to support clients in their PCI compliance, Risk reduction and Regulatory adherence journey.
Somak is a 20-year professional in governance and compliance of information risk, cyber security and data protection, with a blend of functional and managerial skills. At IBM India, he engages with senior C-suite leaders in the capacity of trusted adviser and guide, and contributes to the organization’s success with his leadership skills. Currently, Somak is setting up and running the Security Consulting services practice in IBM India & South Asia as Competency Leader – Security Strategy, Risk & Compliance.
How Has Cyber Security Changed in Recent Years?
Paras spoke of the explosion in use and applications of computing and online access. This has created vulnerabilities at many more points in an enterprise’s operations and in many more aspects of all of our lives.
Somak recalled how data security once consisted of using the write notch on a floppy disk. Now the volume of data has increased exponentially in the digital economy, data resides in many more places and forms, and at the same time has much more value, securing the data itself is a vital part of securing digital applications and systems.
Next, before beginning the Cyber security career, let us learn the emerging threats.
What Are Some Emerging Threats?
Paras identified some key emerging threat areas:
- Security configuration errors.
- AI-driven attacks.
- Social engineering attacks, which include phishing
- Deepfake for creating fake news propaganda
- Ransomware, such as WannaCry
Paras pointed out It takes only six seconds from clicking on a phishing link to infect a corporate network. He also mentioned that hackers can be rented on the dark web for as little as US$500 and can furnish turnkey malware.
Somak agreed that social factors are a significant threat. Human beings are the weakest link in the cyber security environment. Moreover, many businesses and jobs today essentially exist online rather than in the physical world.
Next, let us understand how COVID-19 has affected the cyber security career.
How Has COVID-19 Affected Cyber Security?
Somak pointed out that the change in our working environment due to the pandemic lockdown has required many employees to work from home. This has required us to use new applications and processes, all of which have increased opportunities for cyber attacks.
Paras mentioned the traditional cyber security triad of confidentiality, integrity and availability. Working from home has increased exposure to hazards like regional blackouts or network interruptions. Working from home also has taken away the physical security of offices, with access control and secure networks.
Somak pointed out that while working from home, endpoint security becomes a major concern. Many workers may be using their own personal devices rather than company-issued equipment. Home networks may also include smart devices that themselves represent security vulnerabilities.
What Does This Mean for Cyber Security Professionals?
Somak’s advice for people looking to enter the cyber security field is to treat their current experience and expertise as a base to build on, rather than something to be replaced with a new skill set.
Paras spoke of the evolution of IT security (keeping IT systems secure) to cyber security (securing systems, data, and ecosystems). Because of this evolution, Paras recommends that aspiring cyber security professionals understand the underlying technology that they seek to protect. For example, to move into cloud security, one should learn cloud computing and become thoroughly familiar with that technology, and then one will be better equipped to understand and move into cloud security.
Somak’s advice to students and freshers is, don’t be choosy. Don’t chase after the hot or popular area, but instead get a sound foundation in general computing technology and then build on that. Pursuing certifications in cyber security is important, but these reflect both knowledge and experience.
Build your network security skill-set and beat hackers at their own game with the Certified Ethical Hacking Course. Check out the course preview now!
What Makes Someone an Attractive Cyber Security Job Candidate?
Somak looks for, “attitude, attitude, attitude.” That’s the attitude to be open to learning, the attitude to be humble, and the attitude to stick to a task and career. Paras also looks for complementary qualities that include awareness of current trends and technologies, taking their career seriously and soft skills of professionalism. Of course, experience in cyber security is important, but good-quality education, training, and certifications can stand in for experience for those new to the field.
In the webinar, Paras and Somak answered a number of questions from the live audience. You can hear the questions and their answers in the webinar replay.
For more Simplilearn cyber security career resources including articles and ebooks, see here. Simplilearn's Cybersecurity Expert Master’s program equips you with the essential skills to become an expert in this rapidly growing field.