6 minute read
Oorja Rungta
OORJA RUNGTA
Oorja Rungta grew up in Indore in India and still lives there but hopes to find work elsewhere when she graduates. She is in the final year of study for a Btech in computer science, specialising in cybersecurity and digital forensics.
Final year student studying BTech in Computer Science, Indore, India
Suppose you met an old friend from your last year at school who, knowing nothing about cybersecurity or what you do, asks you what you are doing. How do you answer them to ‘sell’ them on the idea of a career in cybersecurity?
I would explain that my job as a cybersecurity professional is to help secure organisations from threats in the virtual world. I would say I am basically a heroic warrior, albeit in a virtual world. I would also explain how cybersecurity is a dynamic field that is constantly changing and where you learn something new every day. It never gets boring.
How does the reality of cybersecurity as you experience it today sit with your understanding when you first thought about studying it?
Like most sci-fi fans, cybersecurity for me involved cool lines of scrolling green code that led to a hack, and companies trying to prevent that. On a more technical side, I understood my antivirus software was helping me defend my device from malicious software like viruses. My knowledge was pretty much limited to this. I had a mindset that, as a small fish with nothing of value, I would never catch an attacker’s attention and would never be breached.
After gaining a better understanding of the value of data and how attacks actually work I realised the importance of personal security. Massive breaches that compromise the data of small fry like me occur every day and this data is sold for very high prices. Since understanding the value of my data I have learnt to protect it as meticulously as I protect any of my other assets.
What was the reaction from parents, peers or career advisors to your decision to get into cyber? Did you face any opposition, if so how did you feel about this?
I generally receive a very positive response when I tell people I am pursuing a career in cybersecurity. In fact, in a country saturated with software developers, people find my career choice to be a novel field of study. I am often treated with curiosity and get a lot of questions about what cybersecurity professionals actually do.
Who, or what would you say has had the biggest influence on your cybersecurity career journey to date, and why?
I would say the seniors at my university have been a massive influence on my cybersecurity career journey. They helped me find my footing, guided me on how to study the domain and on the different options I have in cybersecurity. They shared training resources and took time to clarify my doubts. They developed a sense of community in the university so we always had somebody we could approach in case of doubts or questions. This allowed me to freely explore the domain. You would often find me using my spare time to discuss cybersecurity-related topics with my seniors. These discussions gave me deeper insights into the field and encouraged my curiosity.
What do you see has having been the most memorable and/or significant event in your cybersecurity journey to date, and why?
I think winning the Women in Cybersecurity (WiCys) training scholarship as one of 900 plus applicants worldwide was one of the most memorable events in my cybersecurity career. The scholarship program helped me greatly widen my horizons and allowed me to take my knowledge in cybersecurity to the next level. Besides the obvious benefits, winning the scholarship was definitely an acknowledgement of my potential to be a cybersecurity professional and gave me a massive confidence boost.
The cybersecurity industry abounds with certifications from multiple organisations. Have you gained, or do you plan to gain, any of these, if so which ones, and why?
I have three industry certifications from Global Information Assurance Certification (GIAC). Preparing
for these certifications helped me learn much, and I was able to study many cybersecurity concepts in a structured manner. The certifications definitely helped boost my resumé and get noticed by recruiters, but I do not think they are necessary to break into the field. Do they lower the barrier of entry into cybersecurity? Yes, but at the end of the day they are a means for employers to validate your knowledge of cybersecurity concepts. If you can show employers your knowledge of cybersecurity through other means such as projects, competitions or research papers, I believe you can break into cybersecurity without these certificates. They are very expensive and, for most students, unaffordable. I was lucky enough to get a full scholarship for them. For any other student struggling and wanting to get a certification, I suggest joining a cybersecurity community. Often these communities help their members get these certifications for free or for discounted rates. I would also recommend keeping an eye on LinkedIn because many members of the cybersecurity community share resources for free training and certifications.
We hear all the time that the world of cybersecurity is changing rapidly, particularly with the rate of threat evolution. Do you feel your course is doing a good job of being current?
It is difficult to rapidly evolve the coursework to keep pace with changes in the cybersecurity domain because of bureaucracy and regulations but my professors make up for this by discussing the latest threats and technologies in the class even though they are not within the scope of our coursework. This allows us to keep pace with the latest developments. Our studies at university are also supplemented by workshops and events that invite industry professionals to help us better understand the latest threats and the technologies to combat them. For example, we recently conducted a seminar on drone security, which is an emerging domain of cybersecurity. It gave students an introduction to this fascinating field.
What aspect of your studies excites you the most?
I find cybersecurity to be a discipline that spans many domains. For example, cyber ethics and cyber policy represent the intersection of cybersecurity and law. There is a separate specialisation dedicated to the cybersecurity of healthcare-related organisations. These are just a few examples of the many different fields cybersecurity professionals specialise in. As a person who loves forming links between different domains this interdisciplinary nature of cybersecurity greatly excites me.
Are you involved in the wider cybersecurity community, eg AWSN, if so, how and what has been your experience?
I have been an active member of Women in Cybersecurity (WiCys) and was previously the secretary of my university’s WiCys student chapter. My experience with WiCys has been phenomenal. I have found a community of women who truly support each other. As a WiCys member I get access to many resources that help me learn much, and I get exposure. For example, very recently I played AWS Game Day through WiCys. It allows participants to get their hands dirty with AWS security through a gamified platform. It was an eye opener.
Every year WiCys has various collaborations with different organisations that give its members exposure. WiCys also has an annual mentoring program that connects students with cybersecurity professionals who provide guidance. I recommend every aspiring cybersecurity professional to be part of at least one cybersecurity community. It allows you to interact with industry professionals, make connections and get access to learning resources.
What is your favourite source of general information about cybersecurity?
Twitter and LinkedIn are rich sources of cybersecurity information. Cybersecurity professionals often discuss the latest attacks, their own research and general cybersecurity topics on these forums. Being a part of the cybersecurity communities on these platforms gives you access to much information. I also supplement this knowledge with my Google feed which has, over time, recognised my interest in the domain and frequently supplies me with cybersecurity related articles.
www.linkedin.com/in/oorja-rungta