Using the article 50 Cybersecurity Titles That Every Job Seeker Should Know About research two or more of these jobs that are of interest to you. What disciplines do you see represented in these 50 jobs? What skills are required for the two jobs you selected? What was your biggest surprise?
I became interested in cybersecurity when a close friend mentioned that the field was hurting for bodies and entry would be relatively easy and training would be readily available. The only caveat was that I had a security+ cert. I spent 6 months going through CompTIA’s ITF+, A+, Network+, and Security+ and in March of last year I obtained my cert in Security+. Since then, I have submitted applications, attended job fairs, updated my LinkedIn, and handed out resumes to friends and acquaintances that “might have an opportunity.” I am still on the hunt. However, I recognized my gap in relevant practical experience and am supplementing it with college.
During my time in the military, I was involved heavily with computers as it was the core of my job. I dealt with analysis and reporting. What I enjoyed about the job was the puzzle. Information would present itself and I got to decipher and submit my findings. So immediately the job listed in the article that resonates best with my work experience is analyst. Of course, half the jobs listed are of the analytical nature. But what spoke to me was digital forensics analyst and counterespionage analyst. (For extra credit: Deepfake Analyst because I am utter fascinated with picking out flaws and inconsistencies in Photoshopped images and this is the next level version).
Digital forensics analyst: there definitely exists a laundry list of skills “preferred.” What stood out to me was the knowledge on the list of tools that required familiarization. EnCase, Cellebrite, Ocygen, FTK Imager, MacQuisition, X1 Social Discovery, LogicubeFalcon, etc. I have not heard of any of these before.
What surprised me was the requirements for digital forensics or computer science degrees. Coming from a cybersecurity article I assumed all jobs would be cybersecurity degree focused. But it does make sense to have disciplines and branches within the “IT/Computer science” field.
Counterespionage analyst: The skills required for this job seem slightly vague seems to cater to someone that already knows the particular set of skills they are eluding towards. Have knowledge… apply analytics… research.
The surprise here was the amount of skill required, “Candidates shall have a minimum of ten years (10) of professional experience in counterintelligence, insider threat, or other related operational experience, or 8 years and a bachelor’s degree in a related field. Candidates shall have at least five (5) years of professional experience in collecting, synthesizing, fusing, or authoring unclassified and classified intelligence products.” It looks to me that they are trying to recruit someone in the military that plans to separate or retire.
Based on your readings related to the BioCybersecurity section of this course, identify possible ethical considerations and explain your position.
Part of what improves humans is the gene pool. Certain characteristics are pruned or prevalent based on what is required at the time. It is a process that is slow yet adaptable. With CRISPR we create the ability to modify the genes into perfection. However, a few ethical considerations include safety, environmental mutations, and money.
With all technology, there is a steep learning curve prior to adoption into everyday usage. Like a baby learning walk. Of course, discovery requires experimentation but the ethical safety concern here is that of the participant. The scientists are still new to this technology and thus likely to make mistakes, miscalculations, or even unintended and irreversible changes. This ultimately affects the participants livelihood and is a huge liability.
There is also the potential to disrupt the environment. Imagine creating a gene that renders mosquitoes’ appetite for humans useless. However, in doing so they now starve and disrupt the food chain for other entities that rely on the mosquito for sustenance. Or even more dangerous, we inhibit the mosquitoes’ ability to populate but thanks to an unforeseen genetic mutation, the mosquitoes now spread infertility as well as malaria. Ecosystems are delicate enough without tampering.
Finally, there is the aspect of money. As a new technology, the process is relatively expensive and would cater only to those with money. Germline editing is an example where money can be used to pay for gene editing to treat genetic disorders without the fear of passing on the disorder; the beginning of creating a class of genetic elite. There is also the ethical consideration of designer babies where parent can modify their offspring towards traits considered desirable.
Something I overlooked is the implications of gene editing and cybersecurity. The ability to edit one’s genes or cultivate and modify genes to produce an identical biometric output as a target would be scary. Another issue would be the use of DNA in criminal cases where someone could edit their DNA to be different from the evidence or even edit someone else’s DNA to match the evidence thereby incriminating them or creating an alibi and having the case dismissed. It might seem a bit “tinfoil hat” but like photoshop, proper editing can be very convincing.
How has cyber technology created opportunities for workplace deviance?
Workplace deviance, a behavior that is against the workplace norms, is not a new concept but technology has increased the impact of said behavior. IT/Cyber professionals have intimate knowledge of the systems that make or break an organization. The accesses and organizational intelligence these people have would indeed cause great damage if they were to “flip a switch.” Mandatory vacations are part of contracts for the very reason of finding people who may have ill intentions. I believe Edward Snowden is one example of workplace deviance. Not to being in politics or agenda, but the fact remains that he went counter to the norms and culture of the organization he was responsible to.
How should markets, businesses, groups, and individuals be regulated or limited differently in the face of diminishing state power and the intelligification (Verbeek, p217) and networking of the material world?
One key thing I wanted to point out was how smart tech such as google glass can use facial recognition to look someone up on the internet. This is already the case, but there are now protections against this type of deviant behavior. Masks, infrared reflective glasses, or even anti AI shirts is already available. The litany of other uses this type of technology can be used for should not be villainized when there is a net positive. Subjective for sure, but overly regulating a technology or industry by people that do not understand the topic, will promote loopholes and manipulation in the industry or it could mean the stagnation or demise of it. At the very least, make it illegal to sell personal data without the consumer agreeing to the sale of their data at the time of sale. Perhaps even splitting a portion of the sale with those that opt into their data being sold.
In this discussion board, you are the CISO for a publicly traded company. What protections would you implement to ensure availability of your systems (and why)?
Since the focus was on availability, I feel as though there is a tradeoff with other things like confidentiality and integrity. If I were a CISO, Chief Information Security Officer, the protections I would implement to ensure availability for my systems would involve a careful balance of the CIA triad and NIST RMF to ensure the return on investment for said protections does not exceed its cost. That being said, load balancing and capacity planning would be the first item I would focus on. Load balancing and capacity planning ensures that the system will not be overwhelmed or slowdown thus making it unavailable. Of course, with my organization needing some semblance of security and operability to maintain availability, I would then focus on backup/disaster recovery, security updates, and monitoring and alerts in this order. In the event that the monitoring and alerts, which are responsible for comprehensive system performance and anomalies reports, should fail due to the lack of system updates or clever hackers, having a proper backup is key to ensuring minimal downtime on information stored on my systems. Additionally, the disaster recovery plan would include a hot site if I had the funds.
From your readings of pages 1 – 21 of the NIST Cybersecurity Framework what benefit can organizations gain from using this framework, and how would you use it at your future workplace?
Simply stated, NIST makes uses of categories and sections that are modular to fit the needs of any organization. It is like a “choose your own adventure” for any start up organization; this is an outstanding guide to tailor their cybersecurity program after. From a Department of Defense standpoint, the organization I am most interested in joining, they use NIST as part of it’s Cybersecurity Program. There are however other documents that complement and are included in their overall program. The Air Force’s Cybersecurity Program Management Instructions use 78 different documents, 9 of which are different documents from NIST in order to have a comprehensive playbook of roles and responsibilities and guidance. It seems complicated, but like with all things, it becomes second nature over time. I am still trying to internalize and familiarize aspects and concepts of the NIST SP 800-53 Rev 5 and NIST SP 800-171 because I know the DoD wants future employees to be familiar with them.