Sakina Asadova is a Cyber Security Consultant at Deloitte in Amsterdam.
SAKINA, CYBER SECURITY IS ONE OF THE MAIN CHALLENGES FOR BUSINESSES THESE DAYS. WHAT ARE MAIN SECURITY ISSUES YOU HAVE TO SOLVE FOR YOUR CLIENTS?
These issues can vary from regular security tests on particular service or software to the comprehensive network infrastructure assessment. In particular, my daily job routine consists of conducting infrastructure and application (web & mobile) security tests, configuration reviews, handle flows between different levels of penetration testing according to clients’ needs, provide feedback and verification about the existing security issues.
Security tests are conducted either on client’s internal network or via the Internet, therefore imitating the role of an attacker from different perspectives. Different scenarios and techniques can be used in order to gain access to systems. This varies from phishing attempts aimed at client’s employees to exploit existing vulnerabilities in systems of the client.
As a more practical example,
I had to break covertly into a client company as a job applicant as a part of red team engagement.
I had to go through the complete interview with senior executives in an attempt to infect the interviewer’s computer which was connected to the internal network with a malicious USB stick. The USB stick contained a payload that opens a remote session to a computer in our office which can then be used to obtain sensitive credentials of the victim’s device. In order to succeed, it is important to apply social engineering to convince the interviewer to plug in the USB stick. Furthermore, I had to stay relaxed during this highly stressed situation to avoid being detected.
DO GEOGRAPHIC ASPECTS AND LOCATION INFLUENCE ANY COMPANY'S INFORMATION SECURITY POLICIES AND WHICH OF THEM ARE MORE VULNERABLE?
Understanding geographic differences in order to detect malicious behaviour and risks they introduce for all size of the businesses, networks and in particular, for employees is critical. It has a significant importance for multinational organizations, in which the threat landscape varies by culture and country. Therefore a single ideal approach for information security policies does not exist. As an example, some countries have more relaxed approach towards information security or some businesses and employees are less diligent to the fact that their use of applications has a significant impact on risks introduced to their employer.
In many cases a cyber breach can be categorised based on where the victims live or work, their dependency on applications or attitude toward the information security. Therefore, corporate policies should consider appropriate products, people and technology in order to detect security-threatening activities that can be both related to the innocent action from employee, or to a malicious attacker trying to get access to the system.
HACKING AS A FULL-TIME JOB - WHAT BROUGHT YOU TO THIS INDUSTRY?
Asked about describing a hacker, probably most of us would imagine a teen guy in hoodie coding from the basement. In fact, while a degree in computer science would definitely ease the way to the industry, cyber security community have professionals from various backgrounds as data analysts, researchers, social scientists, etc. While pursuing a degree in computer science and engineering,
I’m also an intellectually curious person and have a desire to make a difference by science.
To defend countries and businesses from non-stop changing and creative cyber threats require us to think smarter and to be more creative in the cybersecurity field. From protecting a single identity’s privacy in a small application to preventing large businesses against ransomware attack that can completely damage their essential assets, cybersecurity industry makes an impact.
THERE IS AN ASSUMPTION THAT CYBERSECURITY JOBS ARE FOR MEN THOUGH WE ALSO OBSERVE LABOR SHORTAGE IN BUSINESS, GOVERNMENT AND OTHER SECTORS. HOW DOES IT FEEL TO WORK AMONGST THE WHOLE TEAM OF MALE COLLEAGUES?
In general, technology, computer engineering or security jobs are considered more masculine fields and poorly encouraged among young girls.
This problem starts from high school ages and unsurprisingly, also continues during the university and while choosing a career path.
The general assumption of women are not capable or skilled in the cyber field can also be observed in professional client meetings where women are not approached as a leader of the project by default as for whatever reason.
Unfortunately, it’s also not as simple as a perception problem.
Women would not apply for a specific cybersecurity position before they fulfil all of the requirements to a degree that they feel confident, whereas men candidate in the equal knowledge level can easily bluff the way through.
Working in a male-dominated environment can be challenging with high levels of stress and constant need to prove your abilities day and night. However, I feel somehow lucky as my co-workers have always been intentional to fairly evaluate and giving me credits when it’s the case. One of the major things to keep in mind is to speak up – actually sharing the things that make you uncomfortable or underscored from a female perspective.
We need to be an advocate for our own and other women in male-dominated industries.
RIGHT NOW WOMEN REPRESENT A SMALL PART OF THE CYBERSECURITY FILED WORLDWIDE. THAT MEANS THAT THE INDUSTRY IS MISSING OUT ON ALMOST HALF OF THE POPULATION'S TALENT POOL.
I do agree that gender diversity is apparent in the cyber field. Main concerns for a particular problem can be listed as an extremely competitive industry, self-driven and somewhat non-collaborative team structure, in general, war-zone nature of the cybersecurity. Additionally, often discriminative work conditions, lack of work-life balance with high-stress levels or lack of inspiring role model women in cybersecurity can discourage women from imagining their future job in cyber. However, more and more women encouraged joining the industry from different cultures and none of the above-mentioned concerns would ever block a real enthusiastic female candidate.
The fact that the first ever computer programmer was a woman (Ada Lovelace) already should say enough about the talent of women in the field.