At a very early age, I was interested in information security. From breaking computers and networks to putting them back together and seeing how they all work together, I’ve always had an interest in the industry.
When I began my career as a systems administrator, information security and cybersecurity were not totally distinct disciplines. While everyone had a component of information security in their systems administrator roles, the industry had not taken shape as it has today.
In the early part of my career, I shifted through different jobs, including roles in education, landscaping, and advertising. I found my way back to the cybersecurity industry, tracking and picking apart malware and phishing attacks. One common thread continued to bring me back to the InfoSec community – the ability to create a level playing field where nobody can be tricked, not family or friends, employees, or major corporations.
With typical types of fraud, like three-card monte, or other types of short-cons, I’m not able to protect my mother, grandmother, or others from such crimes. But as an information security professional, I have the ability to help detect and defend against inconspicuous threats that could have a great impact on these same individuals.
Today’s cybersecurity landscape is filled with cyber criminals with unexpected advantages. Whether using email, chat, or simply searching through browsers, today’s Internet is filled with hardly detectable exploits for unsuspecting users. More and more individuals and organizations are falling victim to phishing emails, having information compromised through ransomware, or being targeted by nation states. The playing field is arguably more uneven than ever.
As information security professionals, we can’t just put on a superhero cape and ensure that everyone will play by the rules. But we can help protect users from hackers with an unfair advantage. Here are a few key things I’ve learned that are critical to success.
InfoSec professionals must continually observe data patterns. We need to know what looks right, and thereby can find what looks wrong. When you know normal network behavior, you can more efficiently and effectively identify malicious activity.
One of the ways to obtain this mindset is to understand the various aspects of a computer and its network. For me, this harks back to my early days of breaking and rebuilding computers and networks. These simple activities have helped me be a better information security professional.
Another essential part of being an InfoSec professional is having passion for the work. Individuals in this profession cannot be successful if they are not enthusiastic about what they do. Arguably the most crucial trait for InfoSec professionals is determination. We must never give up – like a dog with a bone. We must persevere to identify impending threats and their origin, and figure how to defend against them before it’s too late.
Over the past two years, the cybersecurity industry has grown tremendously amid threats that have become more aggressive and advanced. Coinciding with industry awareness comes an avalanche of cybersecurity risks.
Companies are building more robust cybersecurity teams and strategies. C-suites are now noticing how cyber threats can pose a real issue for their companies’ reputations and bottom lines. While this heightened awareness is important, so is the importance of self-education. In order to protect yourself both inside and outside the workplace, one must have an understanding of information security or risk falling victim to the next cybercrime.
Though awareness and education is critical, computer users should not be expected to have a full-proof understanding of the cyber landscape. And, laypeople should not have to worry continuously about defending themselves online, in addition to life’s complexities.
It is our job as InfoSec professionals to help protect people from cyber threats and make it safe for them to email, chat, browse a website or purchase something online. It's our job to help level the Internet playing field.
About Robert Simmons
Robert Simmons is Director of Research Innovation at ThreatConnect, Inc. With an expertise in building automated malware analysis systems based on open source tools, he has been tracking malware and phishing attacks and picking them apart for years.