16 minute read
STUDENT IN SECURITY SPOTLIGHT
Ayesha Qureshi
Ayesha Qureshi grew up in Karachi, Pakistan and now lives in Sydney where she is undertaking self-paced cybersecurity courses delivered by TAFE NSW’s Institute of Applied Technology in preparation for gaining the ISC2 Certified Cyber Security certification. At present she is studying Networking, Introduction to Artificial Intelligence, Cloud Computing, Data Analytics and Security Incident Response. She is presently unemployed but looking for a fulltime position.
Cybersecurity Student at Institute of Applied Technology, TAFE NSW
How does the reality of cybersecurity as you experience it today fit with your understanding when you first thought about studying it?
When I knew nothing about cybersecurity, I never thought it important. To me, security was just locking the front door or setting up a passcode. By studying the depths and vastness of cybersecurity, I understand it to be about human security, data security, endpoint security, network security, infrastructure security, you name it!
What cybersecurity role would most like to be hired into when you graduate, and why?
I am interested in cyber intelligence roles, and I want to work for prestigious organisations to make a bigger impact and provide services on a larger scale to serve humanity.
What was the reaction from parents, peers or career advisors to your decision to get into cyber? Did you face any opposition, if so, how did you feel about this?
This is an interesting question because I switched to cybersecurity in middle age after working in creative industries. My family supported me in my decision and became really interested when I started telling them about setting strict security measures on personal devices, not connecting to free Wi-Fi networks, etc. They are really keen to see me progress in this field.
Who, or what would you say has had the biggest influence on your cybersecurity career journey to date, and why?
The Australian Women in Security Network (AWSN) has shown me how a woman can thrive in this industry. I came from the Middle East where I had seen only men working in communications and technology. When I moved to Australia and decided to switch careers, women in IT industries were my first go-to role models and sources of inspiration.
In addition to your studies, what employment experience do you have in cybersecurity?
During my vocational training I was able to secure a cadetship and got an opportunity to work in cybersecurity that accelerated my learning. I gained exposure in cybersecurity frameworks, cloud computing architecture, risk management, identity and access management.
The cybersecurity industry abounds with certifications from multiple organisations. Have you gained, or do you plan to gain any of these, if so which ones, and why?
Yes, I love the idea of certifications. Because I switched careers and have a non-technical background, certifications have been a great way of learning and upskilling. Currently, I am completing nationally recognised certifications and on the side I am preparing for the CompTIA Security+ and ISC2 cybersecurity certifications, which are internationally recognised.
What aspect of your studies excites you the most?
I really enjoy studying networking because it has a lot of practical work. I am also keen to learn and work in ethical hacking. Since ChatGPT gained recognition, I have added an artificial intelligence module to my learning program.
Is there any aspect of your studies you find particularly difficult or challenging, if so what, and why?
It may sound unusual, but coding and programming were very challenging for me. I struggled initially to learn Python but with time and consistency I got through the course.
Do you see the need for, or plan to undertake, additional training in non-cyber skills to better equip you for a future role, eg interpersonal communications or management?
I would love to get trained in communication skills, project management, business strategy development, business intelligence and many other skills.
Are you involved in the wider cybersecurity community, eg AWSN, if so, how and what has been your experience?
I am a member of AWSN. It is an amazing network and I love attending events and meeting the amazing women working in this industry. I am also a part of WYWM Academy. This platform has contributed immensely to my self-paced learning. Cyber Risk Academy is another great institution. I attend ISSA Live webinars weekly. I am also a member of ICTTF and WiCyS and I enjoy being part of these communities.
www.linkedin.com/in/ayesha-qureshi-802123116
Sassandra Rae
Sassandra Rae grew up in Mauritius, Malaysia and Australia and now lives in Melbourne where she is in her third year of study for a Bachelor of Science and IT degree at Monash University.
Bachelor of Science and IT Student at Monash University
How does the reality of cybersecurity as you experience it today fit with your understanding when you first thought about studying it?
Having no experience in technology when I first began my course, I thought roles in security were codingcentric with limited communication required. As I have progressed through my course I have realised security is a constantly evolving field that requires a wide range of skills beyond coding. While coding skills are helpful, problem-solving, critical thinking and communication skills are also essential in the field.I have learned that cybersecurity is not just about recovering from an attack, but also about being able to put yourself in the shoes of the attackers and develop strategies to mitigate the impact of an attack.
The field is also constantly changing to adapt to new threats and vulnerabilities, so it is important to stay up to date with the latest trends and technologies. My understanding of cybersecurity has transitioned from a narrow focus on coding to a much broader view of the field that emphasises the importance of communication, problem-solving and ongoing learning.
What was the reaction from parents, peers or career advisors to your decision to get into cyber? Did you face any opposition, if so, how did you feel about this?
I was lucky to receive a large amount of support and encouragement from my family when I decided to pursue a career in cybersecurity.
Both my parents work in the IT sector so have a solid understanding of what cybersecurity entails and are aware of the increasing demand for skilled professionals in the field, particularly in light of the recent rise in cyber attacks on major organisations. They have been extremely supportive of my decision, very often sending me links to various cyber-related workshops and programs to further my skills. The help and support I have received from my family and peers have given me significant motivation as I pursue my studies and begin my career in cybersecurity. I am incredibly grateful for the strong support network I have around me. www.linkedin.com/in/sassandra-rae a professional marketing, strategy and implementation agency that is dedicated, responsive, professional, dedicated, creative, innovative, hardworking, and really cares about your business outcomes?
Who, or what, would you say has had the biggest influence on your cybersecurity career journey to date, and why?
The biggest influence on my cybersecurity career journey to date has been my stepfather. As an enterprise architect he initially encouraged me to pursue a degree in IT even though it was not my primary interest at the time. Throughout my course he has provided unwavering support and guidance, helping me navigate all the ups and downs of my tech journey. Following my decision to specialise in cybersecurity he has been a constant source of encouragement and motivation, regularly sharing interesting security-related articles as well as providing me with endless opportunities to further my career.
What aspect of your studies excites you the most?
Network security is the area of cybersecurity I find most interesting because I enjoy the problem-solving: monitoring and analysing network traffic to identify potential threats and vulnerabilities. The opportunity to study network protocols and the transmission of data across networks during my coursework initially piqued my interest in cybersecurity.
Recently, I participated in a virtual internship program with ANZ where I was exposed to real-world network analysis situations and got hands-on experience with tools such as Wireshark. This experience reinforced my interest in network security and helped me develop my skills in investigating and finding abnormalities in packets sent across the network. However, I am also aware there are other areas of cybersecurity that may interest me as I continue to learn and grow in the field and I am excited at the prospect of exploring these.
Is there any aspect of your studies you find particularly difficult or challenging, if so what, and why?
As someone who went into her degree with no previous experience in IT, I found learning how to code to be the most challenging aspect of my studies. I initially struggled to keep up with the rapid pace of learning required, and because many in my cohort had some level of coding knowledge, I was discouraged to see how far I was behind my peers.
What made coding especially difficult for me was the fact it required a learning approach different from that for other subjects. Unlike topics where memorisation was key, coding was more about problem-solving and logic. This was a new way of thinking for me that I struggled to wrap my head around. I found I had to work harder just to understand the simplest of concepts.
However, after a lot of extra work and support from the people around me, I am now able to code effectively and, most importantly, to enjoy it.
Do you see the need for, or plan to undertake, additional training in non-cyber skills to better equip you for a future role, eg interpersonal communications or management?
While technical skills are crucial in the field of cybersecurity, non-technical skills are equally important in tackling ever evolving and increasingly complex cyber threats.
I believe training in effective communication is necessary in security because it enables us to clearly communicate the potential risks and threats to all levels of personnel and educate them about cyber risks and threats. It is important to be able to explain complex technical concepts to nontechnical stakeholders.
Are you involved in the wider cybersecurity community, eg AWSN, if so, how and what has been your experience?
I have recently become a member of both the Australian Women in Security Network (AWSN), the Australian Information Security Association (AISA) and Grad Girls. My experience so far has been overwhelmingly positive. Through my involvement, I have come to realise the incredible support and the scale of opportunities available for women in the security industry. I have had the opportunity to connect with welcoming and inspiring women who are eager to share their expertise and offer advice.
One of the benefits of being part of these organisations has been exposure to the industry. I have gained valuable insights into emerging trends, best practices and potential career paths. Additionally, both AWSN and AISA provide a sense of community and support, which is especially important as a woman in a male-dominated field.
Being part of these communities has also given me access to many personal and professional growth opportunities. From mentoring programs to training and certification courses, there is a wealth of resources available that can help me further develop my skills.
Have you ever felt disadvantaged or discriminated against by being a woman in cyber, if so, please provide details?
No. In my university classes, it is common for me to be one of very few women, but this has never made me feel disadvantaged. In fact, it has allowed me to build stronger connections with the women in my classes and to be part of an incredibly supportive network. There are also many programs and opportunities available for women starting out in a career in cyber, which has been so inspiring. I feel empowered to pursue my passion in cyber, regardless of my gender.
With the benefit of hindsight would you change your career trajectory to date, and if so now? Looking back, I would not change a thing.
Before landing on cybersecurity I explored several different areas and started university with a biology career in mind. However, through exploring various IT subjects I discovered a particular interest in cybersecurity. My earlier experiences taught me a range of soft skills such as adaptability and teamwork, which have been invaluable to my studies in security.
While my career trajectory may not have been a direct path to cybersecurity, I am grateful for the various experiences that have shaped my journey thus far. These have helped me tremendously in navigating my way through the course.
REACH OUT TODAY FOR AN INSTANT QUOTE.
With:
The team at Source2Create has all the necessary skills to get the job done for you, so your time can be reserved to focus on other things aby@source2create
Johanna Broquet
Johanna Broquet grew up in Bernin, France and is now back there, living with her family and looking for a job after much travelling pursuing her studies. She graduated in November 2022 with two master’s degrees: an Erasmus Mundus joint degree in International Security, Intelligence and Strategic Studies (IMSISS) and a master’s degree in Political Sciences awarded by the French public-school Sciences Po Grenoble.The IMSISS is awarded by only three universities: Glasgow University (UK), Università di Trento (Italy) and Charles University (Czech Republic).
Graduate Student
Suppose you met an old friend from your last year at school who, knowing nothing about cybersecurity or what you do, asks you what you are doing. How do you answer them to ‘sell’ them on the idea of a career in cybersecurity?
I would tell them that cybersecurity is a very broad field which requires people with a variety of profiles working on various aspects and at various levels.
Protecting against cyber threats must be undertaken on various levels of society: each entity, no matter its size, should be ready for cyber challenges to come. That includes the use of the internet individuals, societies and companies, public infrastructure organisations, states and international organisations. For example, you could have your data stolen and used against you, a public hospital could be the target of a cyber attack that cut its electricity supply, details of a company’s finances could be digitally stolen, confidential information on a country’s intelligence agency could be exposed.
Basically, everyone and everything using the internet should be concerned about cybersecurity, because if everyone can gain something from the internet, they also have something to lose to it.Thus, because the internet is something that encompasses so many different actors, it widens needs and makes cybersecurity a broad activity.
The common perception of cybersecurity threats as emanating from hackers behind a computer is false. Now that the internet has crucial importance in our daily lives, it can become a political tool. This is why it is important not only to protect the cyber space, but also to regulate it, to be able to define what is lawful and what is forbidden.
Cybersecurity encompasses computer and data scientists and engineers, but must also include lawyers, law enforcement agents and local, national and global authorities who must all work together to regulate and protect cyberspace.
Because of the prominence of digital technologies in society, there is work for people of all kinds in cybersecurity: various profiles are needed to define and give effect to the protection we need for cyberspace.
Finally, there is increasingly a need for global cooperation to make the internet safer in the future and to tackle new challenges as they arise. This is why cybersecurity is so interesting!
How does the reality of cybersecurity as you experience it today differ from your understanding when you first thought about studying it?
When I began to study cybersecurity I had very basic knowledge and preconceived images of what it really meant. I based my perceptions on common representations such as in TV shows (Mr Robot for example) and movies, which depict the cyberworld and its activities only through hackers and secret organisations such as Anonymous.
I believe my vision today is more realistic and my knowledge of the actors involved on the different levels working for the protection and design of cyberspace to be more comprehensive (see my previous answer).
I think a more precise idea of the people involved in cybersecurity also comes from better knowing the different cyber threats and the future cyber challenges. For example, because am I particularly interested in international crimes, my studies have enabled me to learn about the different types of cyber crimes that can be carried out by criminals. I find it particularly interesting that criminals increasingly use digital platforms to be more efficient and discreet in their illicit activities, representing a new challenge for the law enforcement agencies trying to detect and arrest them.
What cybersecurity role would most like to be hired into when you graduate, and why?
Because I have not received an education in engineering or computer sciences I do not know how to tackle a cyber intrusion or how to protect data. Therefore I do not believe I will find a role in the technical side of cybersecurity.
But I have learnt to do web-based research on the internet, and especially with open-source intelligence (OSINT). With these skills I could be hired in an operational setting such as an investigator position that seeks to identify criminals by the hints and tracks they leave online, just as Europol and Interpol do.
Moreover, I believe studying cybersecurity through social sciences opens many doors: I could see myself in one of the many international organisations working to regulate cyberspace (the UN and the EU for example). Such organisations employ people with many different profiles (lawyers, diplomats, mediators, civil society representants, government representatives, etc) to reach cooperative agreements and set international guidelines designed to better organise the internet and its interdependences and make the cyberworld safer for all.
The cybersecurity industry abounds with certifications from multiple organisations. Have you gained, or do you plan to gain, any of these, if so which ones, and why?
I followed a course named Comprehensive Analysis Lab: Assessment of the Civil Environment through Structured Analytic Techniques, offered by the
Ostbayerische Technische Hochschule AmbergWeiden (OTH) university. The course introduced the PMESII-PT/ASCOPE matrix as a tool to better organise OSINT research.
I also would like to bring up the fact that you do not need certifications from official organisations to train yourself in cybersecurity. There exist many platforms through which you can train individually, for example, the website CyberSoc – Cyber Detective CTF is a great tool for those who want to learn to carry out OSINT in an entertaining way. It gives you links to social media of profiles on which you have to uncover precise information for each challenge (such as the political party of someone), sometimes using digital tools to break a code (to decrypt a password for example). This is a great exercise not only to enhance OSINT skills but also to gain awareness of how information we sometimes reveal about our daily life on the web (and especially on social media) can be used against us, and teach us to be more careful about what we reveal.
I also believe cybersecurity to be a field in which it is easy to find many tools that can be used to improve skills autonomously.
We hear all the time that the world of cybersecurity is changing rapidly, particularly with the rate of threat evolution. Do you feel your course is doing a good job of being current?
Yes and no. I would say no because, in most of our theoretical classes, the studies were based on ‘old cases’. In my cybersecurity class, for example, we studied WikiLeaks (2006) and the Stuxnet attack (2010). These events happened not so long ago, but given how fast the cyberworld and cyber threats evolve, the means and strategies used from one year to another can change completely. However, I also understand that these events constituted a turning
JOHANNA BROQUET
point because of the impact they had on society and the importance technology started to have on many aspects of our lives. I also understand that distance in time is needed for objective academic study of a topic to enable a broader view of its dynamics and consequences. This is more difficult when the event is ongoing. Moreover, I understand the speed with which cybersecurity and cyber attacks evolve make it difficult for teachers to design courses based on recent events and to cover the latest technology breakthroughs and threats.
However, I would still say my course was very current because it gave space for students to interact, debate and comment, and it was mostly during these moments that the most recent cases were brought up. We would exchange views on the events we were witnessing in our daily lives, which gave currency to the class. For example, we talked about the Pegasus Project (2021) and Russian virtual interferences in the US presidency campaign (2020).
What aspect of your studies excites you the most?
I think it is the fact that my study topics are very current and destined to gain increased importance in the future.
The dynamics of cybersecurity are evolving everyday as society evolves, and are having direct consequences on it. If I can have an impact on these dynamics, I can have an impact on the society we live in.
This is what I really like about my field of activity: to feel I have some kind of power to shape the future world, and to feel included in something bigger than myself. I also really like the strategic planning side, trying to anticipate what is to come in future years, and the threats we will have to overcome. I am comfortable with uncertainty, and I find it very exciting to know that, despite the fact we try our best to be prepared for what is to come, there are always some aspects that will be unpredictable, and will require all of our adaptability and skills to find solutions for. www.linkedin.com/in/johanna-broquet-61b10a1b8
Is there any aspect of cybersecurity that you think should be given greater focus in your course, or any aspect you think should be given less focus?
I feel talking about cybersecurity without actually experiencing the technical or operational side of it can be a bit confusing. To better understand what comprises the daily activity of cybersecurity I might have added more practical classes instead of theoretical classes. I would have given students deeper insights into to the use of OSINT technologies, coding software, or the use of specific techniques to use the internet safely. They would have been relevant, because most of my master’s cohort will probably be required to work with sensitive or confidential data from national or international agencies.
Do you see the need for, or plan to undertake, additional training in non-cyber skills to better equip you for a future role, eg interpersonal communications or management?
Developing non-cyber skills is a must for me. I believe the more cyberspace experiences threats, the more we need to be efficient in face-toface communications.
This is why developing intercultural and interpersonal communications and management skills seems crucial to me. We have all experienced one of our virtual messages being misunderstood when it would probably have been better interpreted if delivered in person. I believe face-to-face communication will always be more efficient and better received than online communication, because it involves feelings and emotions that virtual space cannot transmit.
This is why I was very happy to have courses focusing on developing intercultural and interpersonal communication competencies, and I believe everyone should follow some such course. This is particularly important for those working directly in cybersecurity because it is a field where crises are very likely. I think effective communication is necessary for every person involved in crisis management to enable them to quickly understand, give and act upon instructions.
This is true in the case of a cyber attack, for example, where teamwork must be very efficient to block intrusions that can have huge consequences. If agents have learned in advance, how to communicate well outside the digital world they are more likely to be able to build a common strategy to tackle challenges.
