BUILDING AN EFFECTIVE CYBER
By Patrick E Weithers, MSCSE, CSPM, CISSP
Many alumni of graduate and undergraduate degree programs in Cyber Security face the challenge of job placement in the field due to a lack of experience. Many are offered internships in traditional IT roles, but most of that experience is not transferable to Cyber Security jobs. A percentage of graduates go on to receive security-related certifications, but still find it challenging to start careers in Cyber Security.
Managed security services providers who offer an internship experience should begin with the development of policies and controls to mitigate vulnerabilities associated with having interns, and should confine initial work to a virtualized laboratory. Interns should be allowed to graduate from a role of observation into a lab environment where the same tools used in the production environment are available to them. The internship program should evolve based on a multi-layered approach that combines security training with hands-on experience using industry-leading software tools and appliances.
For example, if the internship is designed to provide hands-on experience in support of a student’s interest in working as a security analyst, then the first layer should involve exposure to the use of models and methods applied in IT risk and vulnerability analysis. This should include identification and prioritization of assets vulnerable to cyber threats. The second layer should involve a connection between specific threats and the associated identified vulnerabilities. The third layer should provide viewing of live threat events, and correlation of threat analysis data with the threat events. Finally, an optional layer focused on incident response will greatly enhance the knowledge, skills and abilities of the intern.
The level of interest and confidence exhibited by the interns will change significantly after completion of the third layer. A multi-layered experience that involves performing vulnerability analysis, including identification of assets, vulnerabilities and associated threats, followed by exposure to threat events in real time, will make a significant difference to the intern. Further, correlation of events with threat analysis data will provide a greater comprehension of the analysis results as they are presented to the intern through tools such as SIEM. This approach will provide the interns with the ability to better articulate their experience, as well as describe the relevance of SIEM tools in vulnerability analysis and security event analysis.
Depending on the length of the internship and the maturity of the program, it will be of greater benefit to the intern to be exposed to the incident response process under the guidance of one or more senior security analysts. This additional layer will give the intern a baseline for the development of skills and techniques useful in the recognition of indicators of compromise and of the process steps applicable to a cyber hunt.
Providing a student with relevant hands-on experience through an internship that includes the full cycle of IT risk analysis, while the student is in residence for a cyber degree, significantly increases the probability of employment in the Cyber Security field after graduation.
“The internship program at Nu-Pulse Technologies has helped me to gain real-world experience in cybersecurity. I was able to understand how security can be effectively applied based on a top-down approach. I’ve gained an understanding of how risk assessment is performed in an organization and how effective security controls are applied to mitigate identified risks and fulfil compliance requirements. I was exposed to available resources that aid the process of risk management and SSP development. Moreover, I had the opportunity to get hands-on experience with IDS/IPS and enterprise anti-malware systems. I’ve participated in multiple projects that range from deployment of such systems to configuration and maintenance. I’ve learned the skills that are necessary for a cyber security analyst, such as aggregating, analyzing and interpreting data to facilitate prompt incident response. The main thing I liked about this program is that it exposes interns to both the management and technical aspects of cybersecurity, which is usually a rare opportunity.” YG, Currently a Full Time Security Analyst
I have worked as a Network Engineer for 5 years at an Internet Service Provider company. My perspective on network security was just implementing ACLs and zone-based policies on firewalls, routers and switches. This perspective changed when I joined Nu-Pulse Technologies. The changes in my perspective are as follows:
Careful security risk analysis of the enterprise/service provider network, which includes identification of the organization's assets/containers and the impact of security breaches in terms of cost, reputation and legal compliance.
Identification of security controls and creation of a baseline/normal behavior of the network after implementation of security controls.
Monitoring the baseline of the network using SIEM and anti-malware tools.
Proactive approach towards network security.
Defense-in-depth strategy, i.e., considering security at each layer (from the application to the physical layer of the TCP/IP model).