The overall motto of #Cybermonth consists of three simple words.
Repeat these words (try sitting on your hands while you’re saying them, for extra safety) whenever you’re faced with a cybersecurity risk, instead of rushing straight in and making a possibly expensive mistake:
Stop. Think. Connect.
Well, in Week 3 of #Cybermonth 2021, there are three more official words you can try, too:
Explore. Experience. Share.
Not quite as catchy as “Stop. Think. Connect,” we must admit, but the idea is straightforward: to show you how to find out more about cybersecurity as a career, to encourage you to dip your toes in the water, and to make sure that existing cybersecurity researchers help newcomers to learn more.
Our experts speak for themselves
We’d love to see more people getting into cybersecurity, not least because the crooks are busy trying to lure newbies to the Dark Side, so having a bigger, better and bolder global crew of experts to protect us from cybercriminality is in everyone’s interest.
So, to help you get an idea of what cybersecurity researchers do, we decided to give you a bunch of articles from our “Day in the Life” series, where Sophos staff tell you in their own words how they got started, and what they’re aiming to do in future:
- A day in the life of a Managed Threat Response Sales Engineer
- On the side of the good guys: a day in the life of a Senior Development Manager
- How curiosity builds better products: a day in the life of a Senior Hardware Engineer
- Small details make a big impact: a day in the life of a Distinguished Engineer
- The project of my life: a day in the life of a Principal Hardware Engineer
- The importance of adaptability: a day in the life of a Distinguished Engineer
(If you are thinking of applying for a job at Sophos, visit our official careers page, and find out what it’s like to work for us.)
If you want to wet your whistle
Even if you aren’t thinking of a cybesecurity career, why not learn more about how cybersecurity people think – or, perhaps more importantly, the things they ought to be thinking about, given the sort of mistakes that programmers sometimes make, and the eagerness with with cybercriminals pounce on them?
Here on Naked Security, we publish a series of occasional articles called Serious Security, where we dig into all sort of fascinatings topics, all the way from randomness and cryptography to passwords and pi.
Pick from a list of the whole series, or try out some of our popular topics from the past few years:
- Serious Security: Webshells explained in the aftermath of HAFNIUM attacks
- Serious Security: What 2000 years of cryptography can teach us
- Serious Security: What we can all learn from #PiDay
- Serious Security: GPS week rollover and the other sort of zero-day
By the way, if there are any subjects you’d like us to cover in future Serious Security articles… please let us know in the comments below! (If you don’t put in a name, you’ll show up as Anonymous. You’re welcome.)
Tim Boddington
I worked on IT security from before it existed as a career subject in the mid 70s until retirement at the millennium, from programmer to head of Information Security for a FTSE100 company. It was amazingly enjoyable, with tremendously rapid changes to technology, threats, risks, solutions, and I met some wonderful people. I cannot imagine a more satisfying career. I’ve followed the subject throughout my retirement and I can see that it just gets better – how I’d love to still be involved! A really great career move for anyone with an interest in computing, telecoms, etc. I’ve known Sophos from their earliest days and I can well imagine they are a good company to work for with a broad spectrum of opportunity, wherever your interests take you.
Paul Ducklin
No reason not to be involved in your retirement…
…loads of open source projects could do with all sorts of assistance. Especially if you can write, as it certainly seems you can.
Even with a comparatvely modest laptop and a free virtualiser (e.g. QEMU on Linux) you can run just about any OS (with the notable exception of macOS, unless you have a macOS computer to virtualise it on, according to Apple’s licensing rules), including Windows of all flavours if you are willing to reinstall every 90 days or so, plus any number of free deductive and analytical tools, such as the Sysinternals suite, Ghidra, Wireshark, Nmap (fully scriptable), Powershell, osquery, FRIDA, and, for that matter, the excellent HTML/JS development and spelunking tools built right into all modern browsers.
GV
How does one go about connecting with open source projects that need assistance?
Since retiring from a non-technical field I have become interested in Public Interest Cyber Security and I would enjoy the opportunity to become more involved where my skills would be of benefit.
Paul Ducklin
Many projects have one or more mailing lists where you could lurk for a while (most mailing lists are viewable as an archive via your browser) to learn who’s who, find out what the culture is like, see what most needs doing, etc. Then, when ready, you can just dive in and ask… Others may have Discord channels or other online forums where you can hang out and see what makes the project tick. Yet other may be actively seeking contributors with specific skills ibis their web site or wiki…
GV
Paul, thanks for the info. I did a Startpage search using “open source cyber security projects” and the third hit was “The Top 1,429 Cybersecurity Open Source Projects on Github.” That should be enough to keep me busy. . .
Paul Ducklin
The irony there is that the title “the top 1429 projects” probably wasn’t itself intended to be ironic :-)
Eunice J. Middleton
None of us are safe online at the moment. So everyone should be careful about cyber security. Be skilled in cyber security as a career or to keep your business safe online.