CAREERS
TERM 4, 2020
withSTEM
â„¢
LE DOSUSBUE I ER FOR
V LOGY O FLEIPCO N H T
cyber security
Meet the people keeping your money safe from hackers p5
We bust the myths about real-life cyber careers
Digital Forensics
p10
Challenge your cyber skills while still in school p8
CAREERS with STEM.COM >CREATIVITY >CULTURE + MYTH < >EDUCATION < >WELLBEING + PATHWAYS < >SPACE< ESSENTIAL < SKILLS BUSTING < + >WELLBEING COMPETITIONS
>BUSINESS<
The Schools Cyber Security Challenges are designed to equip students with cutting edge cyber security skills, providing teachers with resources to support the teaching of cyber security concepts, and inform students of career opportunities in the field. The Challenges are classroom ready, and aligned with both the Australian Curriculum: Digital Technologies and the ICT Capability.
An introduction to information security
Wired and wireless network security
Data encryption and transmission
Web application security
FREE interactive classroom activities aligned to the Australian Curriculum: Digital Technologies
Visit: aca.edu.au/cyber
Developed by the ACA in partnership with:
CAREERSwithSTEM.com
2
FOREWORD
b o j m a e r d r u o y Find y it r u c e s r e b y c in
– and growing! – discipline, se er div d, oa br a is y rit cu se Cyber your skills and interests with job opportunities to match
SHUTTERSTOCK, LAUREN TROMPP
W
security, hen you think of cyber to mind? Is it es com – o what – or wh screens in hackers in hoodies, bright eone like me? dark rooms? Or is it som iversity of I graduated from the Un a Bachelor of Ar ts. Western Australia with blic ser vice for After working in the pu ched to join their seven years, I was approa w my career in no d cyber security team, an more than a ed nn cyber security has spa e at the decade. In my current rol stralia, I’m Au of nk Ba h Commonwealt ining and focused on delivering tra improve cyber education initiatives to security behaviour. ple who want to Cyber security is for peo eer, who are car ir ma ke a difference in the ms ble pro ve sol creative and like to coders ace to n itio add collaboratively. In ent from a broad and hackers, we need tal data science, range of disciplines like ting, project research, business, marke ation and management, communic a few!). psycholog y (just to name read about men l u’l In this magazine, yo backgrounds, and women from different with tech, and people who are obsessed ed in their life – people who’ve never cod
samantha wood CYBER OUTREACH MANAGER what they all have in com mon is that they’re passionate about keeping Australians and Australian business es safe online. Start asking yourself if you want to be part of one of the fastest gro wing and crucia l sectors worldwide? An ind ustry that’s crying out for people who are cu rious, adaptable and have good communic ation skills. If that sounds like you, then you’ll find a career where you can ma ke a rea l difference in a fast-paced, exciting field filled with passionate people, wond erf ul mentors and continuous learning oppo rtunities. Samantha Wood Cyber Outreach Manager , Commonwealt h Bank of Australia
Which cyber security role suits you?
Want to know which box to tick when sussing out cyber roles? Quiz yourself! 1. Your phone starts acting weird. Do you: A Check out hashtags for news on trending attacks B Update your software and change your passwords, pronto C Throw your phone away and get a new untraceable, non-GPS handset
ANSWERS: MOSTLY As: Analyst
ghts You’re ace at get ting the insi big and intel together to think picture, understanding the it. problem as well as acting on and ent Project managem . communication skills are key . dirt re mo get to Head to p5
2. You’re taking part in a cyber security challenge. What’s your role? A Leader. Obvs B Coding and testing C Watching the other teams closely for any signs of suspicious behaviour
3. You’re given a tricky puzzle to solve. What’s your starting point? A Research similar puzzles online and see if you can spot any trends B Build software that can reverse engineer the problem C Check out the credentials of the person that sent you the puzzle
MOSTLY Bs: Engineer
MOSTLY Cs: Crime fighter
Securit y engineers create new securit y sof tware. You’re enterprising, creative and a team player and can work with a wide range of people to understan d and troubleshoot issues tha t arise. See p14 for inspo.
Digital forensic specialists are frontline crime fighters, running counter-hacking operations. You need to be a critical thinker and investigator, with an excellent understanding of cyber security practice. Get started on p10.
3
Cyber security by numbers stats:
$426 billion Contribution of digital activity to the Australian economy 300% Growth in the Australian cyber security sector predicted by 2026 17,000 Number of additional cyber security workers needed in Australia by 2026 163,000 Number of jobs that could be displaced by four weeks of disruption to digital activity as a result of a cyber attack $5 billion Cost to the economy from just one week of disruption to digital activity as a result of a cyber attack Source: AustCyber
CYBER SECURITY
GET STARTED
S T N E D U T S S T R A WANTED!
r music? ry? Have a passion fo curity careers to his o int ing lv de ber se ? Love Excellent at Englished at the skills that are relevant to cy ris rp su You might be
C
al thinking, and ommunication, analy tic ial skills creativit y are all essent ies subjects. So, emphasised in humanit t have tha it’s no sur prise that areas are in high ts’ ‘ar as traditionally been seen s. eer car ty uri demand in cyber sec na l 17,000 itio add an e uir Australia will req na ls by 2026 – and cyber security professio s, backgrounds, people of diverse gender highly sought after. cu ltures and regions are air and director of Professor Ryan Ko is ch iversity of Un UQ Cyber Security at the m that aims to gra pro a Queensland and runs ree areas. “We take attract grads from all deg ound – you can have people from any backgr
“One of the critical thing s you want students to be able to do is think critically and collaborate effectively,” she says. “In the cor porate world you’re not ma king decisions by yourself – you need to present a business case and work collectively to ma ke a project happen, and to get people to follow you. Our passion is to get girls engaged as early as possible and un derstand what STEM learning is, how it conne cts to a career and that you don’t need to be great at maths!”
a degree in language, or music and still be accepted into cyber security,” he says. “Many of the cyber security challenges the government and industry face are highly complex. You need to decide whether threats come from activism, geopolitical activity or criminal activity,” says Ryan. “If you understand cyber security you can work everywhere from preventing crime to policy.”
Head higher
Alisha Hummel is a cyb er security consultant for KPMG and mentor for the Victoria Indigenous Engineering Winter School. She moved into a degree in cyb er security after initially thinking of going into law. Alisha says skills such as communication, management and being adaptable and flexible are important to her job helping government and financia l industries safeguard against cybercrime. “I love a ch allenge!" she says. "It does sound cliche to say , but not every day is the same.” – Heather Ca tchpole
Diverse thinkers Rachael Williams is the enterprise business manager for technology company HP, which supports five scholarships for women to study the Masters of Cyber Security at the University of Queensland.
Get these skills:
SHUTTERSTOCK
✔ Critical analysis ✔ Problem-solving ✔ Communication ✔ Teamwork ✔ Creativity ✔ Leadership ✔ Strategic thinking Bachelor of Criminology/Bachelor of IT (IT Security), Deakin University
CAREERSwithSTEM.com
alisha hummel
cyber security consultant
Business Intelligence Analyst, Adairs Retail Group
4
Senior Cyber Security Consultant, KPMG
lovin shanis re nsics
“A lot of the roles aren’t tec hnical,” she says. For example, the cyber-strategy team uses problem-solving skills to keep the bank secure and communicates these solutions to other teams. The cyber outreach team shares information about cyber sec urit y with the general public and teach people how to sta y safe online, and interperso nal skills are important across all cyber roles. “Communicating with people is important, as is your knowledge and understandin g of how attacks happen,” says Shanis. She adds people management, collaboration, critical thinking and innovation to the list of useful skills. “You need to think outside the box. Attackers are not going to take the easy route.”
Shanis Lovin traces the footprints left by cyber criminals – BUT there’s more to her job than coding and tech a digital footprint. ver ything we do online leaves alth Bank of Australia’s nwe mo Com Shanis is one of the s graduates and a member (CBA) 2020 Enterprise Ser vice Her job is to make sure of the digital forensics team. e for trials or investigations. data is recorded as evidenc be messed with, just like in “None of this evidence can real life,” she says. in the summer holiday Shanis started out with CBA g for a Bachelor of dyin stu internship program while e cquarie Uni. She gained som Information Technolog y at Ma ons rati ope development and great experience in sof tware t-time intern until she par a as on yed (DevOps) and sta after finishing her degree. moved on to cyber securit y do any thing,” she says, “In the grad program you can ween different teams helped adding that the rotations bet path. her choose her current career
E
LAUREN TROMPP
s Not just tech skill es when starting out in
pris Shanis says one of the big sur of roles available and the ber num cyber securit y was the range of skills needed.
Give it a shot
During her degree and interns hip, Shanis tried everything from video-game coding and computer graphics to web development and cryptogra phy. Cyber securit y may sou nd mysterious or even intimidatin g, but Shanis says it’s a fun experience with a suppor tive team. “It’s wor th giving it a shot. You’ll never know unless you try!” – Nadine Cranenbur gh
You need to think outside the box. Attackers are not going to take the easy route”
5
Bachelor of Information Technology (Software Technology), Macquarie University
Digital detective
Web Team Intern, Macquarie University
Enterprise Services Intern, CBA
digital fo
Graduate Program, CBA
CYBER SECURITY+CBA
CYBER SECURITY
CYBER SECURITY+CBA
grzeslak andrzej n tester
e f i l e h t n i y a Ad r e t s e T n e P a f o
LAUREN TROMPP
I get paid to tr and break things!” y
CAREERSwithSTEM.com
10.30am After the morning coffee run, I start testing a piece of hardware or software to see if it’s working as expected. I collaborate with specialists in various fields during the testing process to detect security flaws. The most common fields are web applications, mobile apps, ATMs and terminals. There are also thick-client applications, which are computer programs rather than apps – like what tellers use to take customer details.
1pm Lunch! Chicken laksa is my favourite.
2pm Hardware testing. I use little gadgets to probe the hardware and understand how it is working physically. I also try to eavesdrop on communications between hardware devices, to see if I can extract or tamper with them.
5.30pm We have a fantastic foosball table at work. Before pandemic restrictions, the team liked to end the day with a game or two. – Nadine Cranenburgh
6
Graduate program, CBA
Review what I’m testing for the day – usually it is a new piece of software or hardware that is ready to be rolled out, which we need to assess. Since the start of the COVID-19 pandemic, I mostly work from home and only go into the office to do certain tasks like hardware testing.
Software Engineer, Pepper Financial Services
C
y have put a dent in OV ID-19 restrictions ma competition, but the after-work foosba ll Australia (CBA) Commonwealt h Bank of ), tester Andrzej Grzeslak penetration tester (pen ture of his role and still loves the varied na every day. w learning something ne was to become a l goa Andrzej’s original practical pen-testing software engineer, but a mind. He rea lly enjoyed subject at uni changed his nding how a piece of the process of understa rt rked, then pu lling it apa hardware or software wo nesses. to try and find its weak to try and break “It’s funny that I get paid things!” he says. class in the pen testing Andrzej came top of his red by CBA. After subject, which was sponso gineering role during the trying out a software en drzej applied for the last year of his degree, An program at CBA. He is Enter prise Ser vices grad th cyber security team, wi now a pen tester in the ing king out and report the important job of see are and software. security flaws in hardw ver y varied – one day he Andrzej says his role is b apps and the next might be testing basic we sses in new building ferreting out the weakne to always something new security gates. “There’s learn,” he says.
9am
Bachelor of Software Engineering, University of Sydney
e for an Discover what work looks lik big gest bank ‘ethical hacker’ at Australia’s
Pen Tester, CBA
Cyber Security Associate, CBA
pe
CYBER SECURITY+CBA
Securing your passion
Evangeline Endacott cy ber security student
When Evangeline Endacott scored the second top marks in her rural high school she defied expectations to follow her passion of ant people in her hometown vangeline's great marks me she , ead Inst . law dy stu ld wou Mudgee, NSW expected she sue her (CS) degree at UNSW to pur nce scie er put com a in d enrolle passion for problem-solving. was coding at school, Evangeline While she hadn’t focused on g kin thin ays alw gs of tech. “I was fascinated by the inner workin says. she k?’” bac tion rma s it send info ‘how does this work, how doe urit y Evangeline is majoring in sec Now in her third year of uni a week s day two ks wor and y psycholog engineering with a minor in y urit of Australia’s (CBA) Cyber Sec in the Commonwealth Bank Associate Program. or has helped her take an Evangeline’s psycholog y min looks at to cyber securit y, where she empathetic human approach e with ctic pra of lot a . It’s also given her situations “with two minds” . role y urit sec er par t of her cyb report writing, an important Cyber Security Associate, CBA
E
Cat and mouse!
Lab Assistant and Tutor, UNSW
testing is one of the While ethical hacking or pen urit y, Evangeline says best-known jobs in cyber sec d. there is a lot more to the fiel urit y roles usually fall sec er cyb t tha s lain exp She m (or the pretend tea into two main areas: the red good guys). “It’s (the m tea bad guys) and the blue s Evangeline. a cat and mouse game,” say with cyber defence is CBA at Her current role licious activities. operations, which detects ma rple team’, She says this is actually a ‘pu
Red vs Blue
LAUREN TROMPP
Would you prefer to think like a hacker on the red team, or save the day with the blue team? Or maybe a bit of both with the purple team? Here are a few options: • Red team: imitates real-world attacks against the organisation • Purple team: combines the attack and defence team to uplift remediation • Blue team: detects malicious activities and reports for analysis; analyses the impact of the attack; responds by fixing the damage done by attackers
Love at first byte
Evangeline discovered securit y engineering in her second year of uni and fell in love. One of her guest tutors was a memb er of the CBA cyber securit y outrea ch program, who encourage d her to apply for the bank’s Cyber Securit y Associate Program. After finishing her degree, Eva ngeline is looking forward to joining the CBA Enterprise Ser vices Graduate Program. “I’m keen to explore all the opportunities available to me at the CBA,” she says. – Nadine Cranenburgh
Bachelor of Science (Computer Science), UNSW
because it integrates element s of red and blue. “There are so many options out there,” she says.
tions out there” There are so many op 7
CYBER SECURITY
CYBER SECURITY+ACA
Schools Cyber s e g n e l l a h C y t i r u c Se From social media sleuthing to crafty cryptography, the Schools Cyber Security Challenges help students gain skills and knowledge about cyber security practices and principles
ran james cprur ofessor associate
there are little steps people can take to share safely”
se
curity “St udents quickly rea lise how the Challenges relate to unsafe situation s and behaviour on line by themselves or their pa rents that leave them open to fraud, cyber att acks or scams,” says Jam es. For example, parents po sting about their children’s bir thdays a few days after the event and posting images of their school uniforms on social media means their person al information is easily accessible. Understanding how much we share on line and what’s safe an d what’s risky is a big part of the first Challen ge. “There are litt le steps peo ple can take to share safely,” says James.
Ca n you decode th is word?
D-Z-C-F-S Hint: take a step for wa rd to see if you can deC IPH ER the word. An swer is on p19.
CAREERSwithSTEM.com
Munro, an ICT teacher from McKinnon Secondary College in Me lbourne. “The course is giving stu dents a great insight into the world of cyber sec urity. It shows them how the information the y share across different platforms can be pieced together to gat her a detailed profile about the m in the on line world.” More than 85 ,000 studen ts in 2200 schools from across Australia ha ve taken part in the Challenges. Beren Horga n, a year 7 student at Sydney Secondary Colleg e in Ba lmain says the Information Privacy an d Security Challenge was “fun and interactive” . “It was ver y innovative. They have many different apps to interact with that allow you to find out information abo ut people,” he says.
From Cyber 101 to network
Test yourself!
SHUTTERSTOCK
p.ac/dt Technologies Challenges cm al git Di an ali str Au : re mo t Find ou
T
ty Challenges are he Schools Cyber Securi ng modu les that rni lea a series of rea listic hniques and coding. teach cyber security tec ll up in the technical fields They’re a great way to ski er security and can be and human aspects of cyb s or solo at home. Challenge done in groups in class, te. ple com to urs eight ho can take bet ween four to s have programs in ool sch ny ma ow “We kn , but kids aren’t learning cyber safety and bu llying they need to stay safe,” the technology elements of James Curran, Director says Associate Professor ich wh A), ng Academy (AC the Australian Computi allenges. Ch the s created and run four topic areas: er cov ges The Challen security, data encry ption information privacy and and wireless network and transmission, wired tion security. Each security and web applica ool learning areas such Challenge is lin ked to sch unication Technology as Information and Comm Australian Curricu lum: (ICT) capabilities and the Digita l Technologies. king for something “As teachers, we were loo talks and videos about more than just the usual the cyber security course using social media and fully,” says Shirley has filled this void beauti
8
dness Skill up for career prepare ng in cyber
ple worki You’ll also hear from peo t growing job areas tes security, one of the fas of organisations report around. Worldwide, 53% t ty skills. And it’s not jus a shortage of cyber securi er cyb ial ent Ess owhow. about your technica l kn acity, curiosity, being ten e lud inc lls security ski piece together systematic, being able to ilient in your approach information and being res to a problem, says James. about problem-solving “A ll of cyber security is u don’t have access to the – often with people. If yo u’re looking for a bug code on a website and yo about how you can keep (error), you need to think d that bug," he says. ‘pu lling that thread ’ to fin an aut hentic “We wanted to show in the way that careers lin k to
Name drop Exploit: An attempt to take advantage of a bug or flaw in a system for malicious purposes.
Get the lingo Bug: An error in programming. Cipher: An algorithm (set of rules)
to
. The encrypt or decrypt information tical abe alph lace rep ers ciph simplest le. mp letters with numbers, for exa
Network security:
Rules and set-ups designed to protect networked devices from hacks. Networked devices can include drones, fridges, TVs, road signs, or even vehicles.
Phishing: An attempt
to get you to provide information that can be used for cyber crimes like banking details, personal information or passwords.
Cryptography: Techniques to keep information secure by usin g codes, scrambling techniques and key s.
SMSishing: Phishing
scams conducted by SMS.
Information privacy and security
Grasp personal information security by thinking like a hacker. You will learn to value the importance of password strength and protection, as well as discovering just how vulnerable private information can be online.
kind of problem-solving that you see in the challenges – like social media sleuthing,” says James. “In all of ou r activities we include ind ustry professiona ls explainin g what it’s like to work in cyber security. Young people in the working world talking abo ut their career and their pat hway is an impo rtant insight into what cyber security is.” If you’re looking to develo p your tech skills fur ther, there are also Dig ita l Technologies Challenges (on line and unplugged classroom activities for Years 3–8) and more courses on the AC A website. Done the Challenges an d looking for what’s next? You can get involv ed in Capture the Flag competitions (see p16) or take our cyber safety quiz at bit.ly/cyber-quiz. “There are a bunch of com petitions and activities out there for kid s to get into!” says James. – Heather Catch pole
ges cmp.ac/cyber
Try these challenges!
Find ou t m or e: Sc ho ol s C yber Security Chal len
lly updated to stay The content is continua ile phishing (email relevant. For example, wh d Information Privacy an scams) is included in the in e re’s been a ris Security Challenge, the ing: texts sent direct ly ish ph S SM ‘SMSishing’ or to kids’ phones via SMS.
Cryptography
Learn basic cryptography concepts in relation to data representation and securing online communication, and how these concepts are implemented through code. This Challenge teaches programming in the context of classic cryptographic ciphers like rotation, XOR and mixed substitution, and explains the techniques used to break these forms of encryption.
Network security
This Challenge teaches the fundamentals of wired and wireless networks and the underlying principles of digital systems using BBC micro:bits.
Web application security This Challenge demonstrates the importance of security in web applications by exposing typical flaws in websites that can be exploited using tools built into the web browser.
9
CYBER SECURITY
CYBER SECURITY+ACA
Myth-busting s r e e r a c y t i r cyber secu
y! about a career in cyber securit ow kn u yo nk thi u yo at wh t Forge y pros are spilling the facts... rit cu se r be cy fe l-li rea e fiv e Thes sight! and there's hardly a hoodie in
#1 Alison KridSedcurity Junior Cybe Analyst, CBA
MTYH: You have to know what your career path looks like FACT: Cyber security careers are wide and varied – discover what you like as you forge your own career path
T
SHUTTERSTOCK
echnology was Alison’s favour ite subject at school and she knew she wan ted a career in tech, so she enrolled at Macqu arie University to study a Bachelor of IT majori ng in Sof tware Technolog y. During her deg ree, a cyber securit y internship at NSW Health pop ped up – this was the first time she’d tried it out and she loved it. Alison switched into the the n-brand-new cyber securit y major at her uni. A Kamilaroi woman, Alison soon found out about another internship opportunity through Walanga Muru, Macquarie University’s pathway and eng agement program for Aboriginal and Torres Stra it Islander students. The internship was at the Com monwealth Bank of Australia (CBA) – and Alis on continues to intern par t-time as a junior cyber securit y analyst while completing her degree . However, Alison is still figuring out exactly where in cyber securit y she wants to take her Bachelor of IT (Cyber Security), Macquarie University
CAREERSwithSTEM.com
idea of learning career. She currently likes the ting (pen testing) more about penetration tes urit y gig that – the cool-sounding cyber sec anisation’s weak org an basically involves finding “It’s fun – you’re s. doe else e spots before someon really,” she says. kind of like a hacker, but not t to her team Alison expressed this interes ular tutoring at CBA, and now she gets reg ing our team is on a Friday. “That’s someth really great for,” she says. Cyber Security Cadet, eHealth NSW
10
Intern, CBA
Junior Cyber Security Analyst, CBA
#2
Annelise Ralevska Information Security Consultant, Westpac
Securit y Assessment nnelise works in Westpac’s lains “is pretty much the Ser vices team, which she exp the red team tests the red team”. In cyber securit y looking for weak points in readiness of a company by staff and/or processes. computer systems, net works, cesses and procedures, and They attack systems, bad pro ning fake emails). people’s bad habits (like ope try to uncover weakness For example, Annelise might ses by requesting access to in the bank’s securit y proces pass, being as persistent as a building without the right a real imposter. ac as a Young Technologists Annelise, who started at Westp urity is a huge area – and it’s Scholar, stresses that cyber sec ps of different roles in cyber not all coding. “There are hea re of the creative side, like securit y – you might enjoy mo lain what spear phishing exp creating a video campaign to shing is when an attacker is,” says Annelise. (Spear phi to emails to try and gain access sends targeted, fraudulent .) l information an organisation’s confidentia er securit y because it can cyb s like she s Annelise say
A
MYTH: Cyber security is always technical FACT: They’re not all hackers and coding is not a prerequisite! be technical, but also creativ e and strategic, and becaus e it’s such important work. “You have that sense of pur pose, you’re protecting Aus tralians’ money, so it’s really important and you’re driven to succeed,” she says.
Bachelor of Bus Bachelor of Scienceiness / (IT), UTS
Westpac Young Technologist Schola r
Information Security Consultant, Westpac
Master of Cyber Sec urity, UNSW Canberr a
#3 A
Joe Bindley
Security Analyst, NA B
s a securit y analyst at NAB, it’s Joe’s job to manage the securit y of the accounts of employees with privileged access to interna l sof tware and programs. “Different accounts have diff erent levels of risk associated with them, so you have to be able to understand that and decide which set of procedures you use,” explains Joe, adding tha t this work requires someon e who is good at looking at the details and investigating. As a man on the autism spe ctrum, Joe brings these skills and more to NAB’s cyb er securit y team as par t of the bank’s neurodiversity progra m. “If you have people with different ways of thinking, you can often get different approaches to solving proble ms,” says Joe. While studying a Bachelor of IT at Deakin University, Joe joined a company called DXC Technolog y as par t of their DXC Dandelion Program, whi ch is about suppor ting and celebrating the talents and skills of people on the autism spectrum, helping people like Joe build a career in IT. Through the DXC Dandelion Program, the opportunity arose for a cyber securit y role at NAB. While Joe’s employment is through the Neu rodiversity at Work program at NAB, it doesn't define his day-to-day job. “People don ’t care whether you’re autistic or not. If you’re good enough , if you’re capable to do the job, that’s what matters,” he say s.
MTYH: There’s no room for diversity FACT: Diverse challenges require diverse solutions!
Bachelor of IT, Deakin University
Gr aduate, Westpac
DXC Dandelion Progr am, DXC Technology
11
Security Analyst, NAB
CYBER SECURITY
CYBER SECURITY+ACA
#4 Alice McCracken Cyber Threat Intelligence Analyst, ANZ
MYTH: Cyber security is an antisocial boys’ club FACT: You can seek out social spaces and support groups
A
SHUTTERSTOCK
lice knew she wanted to stu dy something tech-related at uni, but she also wanted to make sure her career had a deeper sense of purpose and job satisfaction. When she cam e across the Bachelor of Cyber Securit y at La Trobe Uni versity in Melbourne it looked like the per fect match . “For me, cyber securit y has that deeper sense of purpose beyond your ave rage net working and programming sor t of stuff,” says Alice. However at uni, Alice found herself to be one of only a few women in the course. “We started hanging out bet ween classes, and we rea lised we all felt, if not exactly imposter syndrome , then a little bit out of place in a male-dominated course,” she says. So Alice and her friends started up a suppor t net work called Girl Code. “We wanted to cre ate a safe space to have a study group or a Facebook suppor t page where we could ask questions that we didn’t always feel comfortable asking in a form al learning environment.” At the start of this year, Alic e undertook a two-month summer interns hip at ANZ bank, which turned into a regular par t-time gig as a threat intelligence analyst while she finishes her degree. When she graduates, Alice says she’s keen to be involved with similar suppor t net works to Girl Code, but for cyber securit y profes sionals – such as the Australian Women in Securit y Net work.
Bachelor of Cyber Security, La Trobe University
CAREERSwithSTEM.com
Tech Intern, ANZ
Threat intelligence Analyst, ANZ
12
#5
Benjamin Ferlauto Security Threat Intelligence Analyst, BT
urit y since he ons for a career in cyber sec enjamin says he’s had ambiti willing to ays alw I’m and ng challenged was ver y young. “I enjoy bei constantly is t tha ry ust ind an er securit y is learn or adapt to change. Cyb that,” he says. evolving and offering exactly helor of Science in Information Benjamin signed up for a Bac of Technolog y, er Securit y at the University Technolog y, majoring in Cyb king in the wor year at uni, but is already Sydney. He’s still in his fourth eat Thr new testing and launching the industry, playing a key role
B
MYTH: You have to be before you can work fully qualified FACT: You can land a in cyber security job while you study!
Intelligence Ser vice at global telecommunications company BT, where he works par t-time. “I’m one of a number of peo ple leading the Threat Intelligence Ser vice which will be released as a global ser vice offered by BT,” explain s Benjamin. Under the new ser vice, BT will provide organisations with information about the curren t and emerging cyber securit y threats and deliver real-time intelligence, helping them stay ahead of cyber criminals. Benjamin first landed a cyb er securit y internship at BT through the UTS Career Hub, which helps students find industry experience opp ortunities. The internship then turned into a par t-time gig while Benjamin simultaneously finishes his degree. When Benjamin’s not workin g and studying, he loves gaming. In fact, he spent two years working for US professional gaming compan y, eRa Eternit y, before retiring from the pro-gamin g world to focus on his study and cyber securit y career. – Gemma Chilton Bachelor of Science in IT (Cyber Security), uts
Security Analyst Intern, BT
13
Threat Intelligence Analyst, BT
CYBER SECURITY
CYBER SECURITY+PALO ALTO NETWORKS
d e l l e v a r t s s The road le r one of the world’s biggest cybe for rk wo all rts pe ex r fou e es Th ere k very different paths to get th too t bu – ies an mp co y rit cu se
#1
TAFE grad with a passion fo r acting
Pa lo Alto Networks a global cyber secu is rity compan y. It create s an sells cyber secu rity d technology and solut ion to more than 70,00 s 0 orga nisations and 150 countries.
Jason Spindlow says he fini shed high school with “avera ge marks”. He dreamed of bec but felt he needed a fallback oming an actor, job. He signed up for a Cert IV in Tech Support at TAFE, the and landed a gig with a compan n moved into IT y that focused on cyber securit y. Now he’s a channel system Palo Alto Networks, which me s engineer at ans he assists and educates IT companies that sell Palo Alto cyber security technologies Networks and solutions. Jason also per forms in theatre and musica experiences can come into play ls. “All of these with how we view and presen t the cyber security discussion, ” he says. Cert IV Technical Support (IT), TAFE
Network Engineer, cyberpro
#2
Advanced Diploma in Network Security, TAFE
Channel Systems Engineer, Palo Alto Networks
Law grad
rs working in the UK and spent a few yea the University of Manchester at s Law of ree that r deg helo law Bac a my r died urity. “I knew afte Amy Finer stu she was interested in cyber sec ided ges this dec llen she cha ore the bef ry and g ust ind ngin in the legal at landscape was cha thre the how d too ers und I y. urit Palo Alto Networks, I wanted to work in cyber sec a territor y sales manager for as ks wor she Now y. Am s say planning industry marketing presented to organisations,” conducting sales training and s, tion solu and y log hno tec she says. selling Palo Alto Networks n something new every day,” cyber security industry. I lear events. “I love working in the Bachelor of Laws, University of Manchester
Senior Case Manager, CYFOR
Customer Success Manager, Wandera
Territory Sales Manager, Palo Alto Networks
#3 Systems engineer with a background in military technology US grad Damien Lewke sta rted his career as a nuclear wea pons engineer for one of the military technology companies, world’s largest Northrop Grumman. While he was working there and complet in Systems Engineering, Am ing his Masters erica’s Democratic Party was hacked. “I realised the far-rea cyber espionage,” says Dam ching impacts of ien. He left Northrop Grumm an, eventually landing his Aus Palo Alto Networks as a system tralia-based role at s engineer. “There’s no such thing as a boring day! You’re learning from and working with constantly people to tackle security. It's the best job – hands-down!” he says. Bachelor of Science / Bachelor of Economics, UCLA
#4
Master of Science (Systems Engineering), Loyola Marymount University
Systems Engineer, Northrop Grumman
Systems Engineer, Palo Alto Networks
tworking engineer Telecommunications and ne munications in
in Electronics and Telecom r of Engineering with majors helo Bac a died she says. When stu tty She Nishita ious to learn cyber security,” networking roles. “I was cur in rs yea l era a new country. as sev l ng wel ndi as spe eer India, challenge of a new car the on k too she ia, tral Aus ed here in the exciting world Nishita moved from India to quickly and that’s how I land n lear to me ed help d oun Networks. “There is “My networking backgr systems engineer at Palo Alto a as ks wor who , lton hita Nis s of cyber security,” say ges,” she says. – Gemma Chi tomer solve security challen cus a ing help n tha ing isfy nothing more sat
Bachelor of Engineering (Electronics and Telecommunications), Bharati Vidyapeeth
CAREERSwithSTEM.com
Masters in Information Management, Welingkars Institute
Network Specialist, Apara
14
Systems Engineer, Palo Alto Networks
15
CYBER SECURITY
SKILL UP
Test your cyber skills
intriguing pit their wits againstd pizza s? le zz pu ing lv so d Love playing games an. Oh, and also get endless soft drinks an cyber challenges you must decrypt, n a Cyber Securit y Challenge r way through a series decipher, break and hack you at each point. gs’ of goals, typically gaining ‘fla or word puzzles, ber num This can mean solving sites or images, going into the code behind web ugh posts for clues and cryptography, searching thro ctices to locate even using ethical hacking pra was the case in a recent real-world missing people, as the Flag (WACTF) event. Western Australian Capture ted are built off “All of the challenges presen securit y th Per real-world scenarios that says Aaron ,” oss acr e practitioners have com CTF and WA of s ser ani org Dog get t, one of the y Hivint. anc sult con y urit sec director of cyber ple to theoretical “The aim isn’t to expose peo the types of things that problems, but to show them s, forensics consultants penetration testers, analyst
I
Solving crime in the cyber sec makes for hungry work. Luc urit y world ky there's pizza!
Like a challenge?
Per th teacher Donna Buckley , Assistant Head of Mathematics at John Cur tin College of the Arts says students were ver y engaged. “It wasn’t always the kids who did well in tests – critical thinking, donna buckley curiosity and persistence wer e some of the educator skills they really needed,” Don na says. High school student Orlando Morris-Johnson from Per th Modern School has done two CTF eve nts. “You work on everything hacking-wise: reverse engine ering programs, breaking encryp tion and much more,” Orlando say s.
Find a Challenge! • • • •
WACTF: capture.tf (12–13 Dec 2020) AustCyber: bit.ly/austcyber-challenges CSIRO’s CyberTaipan: digitalcareers.csiro.au/en/CTaipan Regional CyberChallange: regionalcyberchallenge.com
CAREERSwithSTEM.com
16
y challenges to There’s a host of cyber securit r and CEO of nde fou is r look out for. Daisy Sinclai t runs the tha ies pan com Cyber8Lab one of the that pits nt eve an – ge llen Regional Cyber Cha hypothetical attackers international teams against llenge. in an Incident Response Cha ge gives you invaluable llen Cha er Cyb l iona Reg “The hands-on processes es experience which demonstrat ck and defending atta er required to respond to cyb sy says. Dai e,” tim e your net work at the sam Pacific a Asi from jee ood Imran Esack Daw tion, Malaysia ova Inn and y log hno University of Tec llho She und. “The was on 2019’s winning team, d to us during challenges themselves provide resting, inte y the competition were ver different from ls employing a mix of skil says Imran. y,” urit sec er disciplines in cyb to analyse ed ask e wer we le “For examp licious,” he an email that was possibly ma lware analysis says. “Digital forensics, ma ering all came and sof tware reverse engine llenge.” in handy while solving that cha so not is “The human side of things dious: for every insi re mo straightfor ward and much marks e hav d we’ , wrong flag we submit ted hammered lly rea “It s. lain deducted,” Imran exp rd to make mistakes home that defenders can’t affo Heather Catchpole lest more people be hur t.” –
JOHN CURTIN COLLEGE OF THE ARTS / WESTERN AUSTRALIA CAPTURE THE FLAG
all of the challenges presented are built off real-world scenarios”
SHUTTERSTOCK / PIC CREDIT
and more face. So, if you enj oy what you see, you may well like the career pat h too,” he says. The two-day event brings hig h school, TAFE and uni students together wit h IT professionals, or those with an interest in IT. “WACTF also promotes teamw ork and the bringing together of people with different skills, approaches and general per spective,” says Aaron.
CYBER SECURITY+ACA
e n li n o e r a h s r e v o o t t How no
should keep to yourself u yo at wh d an ls cia so on st po d The lowdown on what’s OK to to locate your school an o on it that can be used
has a log ly person cause you’re likely the on therefore identify you (be at your school). with your exact full name s is fun, d about holidays on social Similarly, getting excite ll be wi ertising that your house but you could also be adv ... cklist to staying secure empty. Here's a #TMI che
I
ails t to share your bank det t might seem obvious no iform is un ool sch of you in your online – but surely a pic ’re at you en wh e lin cking in on harmless? How about che ? with mates your favourite local cafe ation ar how your online inform cle er sup It’s not always bab pro ly le, your school uniform can be used – for examp
ARE ight help narrow OK TOthSe H following m ’t
✔
bly won Some of ty, but proba ti en id r ou y down . identify you be enough to
• Your nickname
• Your full name • GIFs
t he r • The wea
• Memes
e • Your pet’s nam
• Your spo
r t s an d ho
!
bbies
SHARE WITH CAUTION
These are usually OK to share, but think twice about how much information you’re giving away and to whom – you may want to limit the following to people you trust.
• Holiday plans
• Email address
• Check-in location
✘
• Your school
• Birthday
• Photos
• Mobile number
• Geotagged photos • Pic of concert tickets
• Home address
E DON’T SHAR top secret – Keep these deets ting you don’t want them get s! nd ha g into the wron
• Banking PIN
• Login and password details
• Banking details
SHUTTERSTOCK
• Pic of your new driver’s licence
Challenge yourself! This info is taken from just one of many resources and activities
available through the Australian Computing Academy (ACA), which offers Digital Technologies and Cyber Security Challenges online for you to test your tech and cyber skills! Visit aca.edu.au for more.
17
CYBER SECURITY
CYBER SECURITY+ECU
u! o y d e e n s b o j y it r u c e Cyber s One of Australia’s top cyber security experts, Paul Haskell-Dowland, gives us the lowdown on the world’s massive skills shortage in cyber security – and why that means big career potential
, challenging yber securit y jobs are diverse where near no is re the and exciting – and eer, car the for up ing enough people sign ing ord acc , nity ortu opp e which means hug Haskell-Dowland, to Associate Professor Paul th Cowan a cyber securit y expert at Edi than 20 years University (ECU). With more the UK, he and in the industry in Australia should know. Es and “The capacit y of schools, TAF of people ber num the iver universities to del d in uire req ls skil the h wit that’s needed many for up ch cat to g goin not industry is glo king bally years,” Paul says. “We’re loo jobs unfilled, at hundreds of thousands of .” rising to millions, this decade alone has over ECU s For example, Paul say urit y – and sec er cyb g 1100 students studyin s, not rse cou ed icat ded ’s that’s just in ECU
SHUTTERSTOCK
C
d Paul Haskell-Dowlan of an de te associa y computing and securit those taking cyber majors and units. “We’re generating eno rmous numbers of students in the area of cyber securit y and we’ re barely touching the tip of the iceberg ,” he says. The ongoing skills shortage puts graduates in high dem and which pushes up salaries. “We tell students that your first job will come off the back of your degree and promoting yourself to the ind ustry, but your second and third jobs will come calling for you,” Paul says. His advice for the cyber sec urit y professionals of the futu re? “Working in cyber draws on a wide skill set, but you don ’t nee da technolog y background to com e into cyber securit y. Really, it’s having that flair, that enthusiasm tha t matters,” he says. – Gemma Chilton
SEE YOURSELF ON THE FRONTLINE OF CYBER SECURITY Study at WA’s only Academic Centre of Cyber Security Excellence. With cyber security threats only increasing, there’s never been a greater need to protect Australian businesses, government and the community from digital crimes.
303ML 111418030 | CRICOS IPC 00279B
ECU’s cyber security courses are designed to meet the changing landscape of our cyber security future. Our students learn in world class facilities, including a new multimillion dollar Security Operations Centre opened in 2020. They also receive real world experience through placements, internships and industry projects making them ready to tackle a constantly changing digital world. ECU has the largest cyber security and research program in Australia, which has been recognised by the Australian Federal Government as one of just two Academic Centres of Cyber Security Excellence in Australia. For an in-demand career in a fast growing industry, study cyber security at ECU.
Apply Now ecuworldready.com.au/cyber-security CAREERSwithSTEM.com
-
18
PATHWAYS
WHAT SHOULD I STUDY? THERE’S PLENTY OF OPTIONS OUT THERE... FROM SHORT TASTER COURSES TO SPECIALIST DEGREES IF YOU’RE THINKING A CYBER CAREER MIGHT BE FOR YOU.
Option #1: ing, science Do an engineer se
Option #2:
eciali ee and spCow or IT degr(Cy an University ber Securit y), Edith
Do any degree a th en do a postgraduate nd de gr ee in cyber security >> Master
>> Bachelor of Science University in Cyber Securit y), Macquarie >> Bachelor of IT (majoring y), urit Sec (majoring in Cyber >> Bachelor of Net working Technolog y of e itut Inst e urn lbo Me and Cyber Securit y, UNSW >> Bachelor of Computing ney University y and Behaviour, Western Syd urit >> Bachelor of Cyber Sec
of Cyber Securit y, Strateg y and Risk Management, Australian National Univer sity >> Master of Cyber Securit y, Edith Cowan University >> Master of Cyber Securit y, University of Queensland
Option #3: Study certificate or shorter courses through TAFE or uni
Option #4:
>> Certificate IV in Cyber Security, Melbourne Polytechnic >> Graduate Certificate in Cyber Security and Networks, QUT >> Certificate IV in Cyber Security, TAFE NSW >> Associate Degree in Applied Technologies specialising in Cyber Security, University of Tasmania
rity Do a cyber secuse boot-camp cour er Academy logy, 10-month course, Cod
Techno >> Diploma of Information e), Institute of Data three-month course (full tim , gram Pro y urit Sec er >> Cyb IT RM Strateg y, six-week course, >> Cyber Securit y Risk and berra Can SW p, five-day course, UN >> Cyber Securit y Boot Cam Western Australia of ity vers Uni p, 24-week course, >> Cyber Security Boot Cam
What can I earn?
Cyber security analys t Cyber security engine er Pen tester Security consultant
*Source: salaries according
to payscale.com
AU$56K–$109K AU$49–$134K AU$52K–$133K AU$87K–$167K*
! n i w o t r e h p i c e D sqhuuhi myjx ijuc fractionmedia.com. Email your answer to info@re challenge’. with the email subject ‘Cyber win a copy of will e ons The first correct resp lishing. Pub RO CSI from e! Cod , Set Ready,
HINT: Make sure you use the right font and enjoy all of the pages of the mag! For full terms and conditions go to: careerswithstem.com.au/term s-and-conditions
au
19
SHUTTERSTOCK
Decipher this to win all the kudos and a copy of Ready, Set, Code!
CYBER SECURITY
Answer from p8: cyber
