First Year in the Security Industry!

• by Anthony Orjally
• Advent IM Blog

As of today, I’ve officially worked one year within the security industry so here is everything that I have learned along the way!

The Open University

When I first started off, I didn’t really know what to expect – my initial impressions were that anything cybersecurity related was boring and far too complicated to understand, but after just one month of attending and completing an Open University course I quickly learned that this wasn’t the case.

The purpose of this course was to introduce me to the security world, and throughout it I picked up on terminology, the everyday use of security, and interesting stories from the security industry. One of my tasks in the year was to create a cyber glossary this has also improved my knowledge when it comes to terminology used within the industry.

Focusing on the everyday use of security, all students are provided with a link to a website which allows you to see if your email address has been part of a data breach (haveibeenpwned.com). Before entering my current job role, I wouldn’t have even thought twice about this being a potential danger so as soon as I pressed enter on my email address in the website I came to the realisation that I’ve been completely oblivious to the security world. Club Penguin… how dare you suffer a cyber-attack and not warn me about it! For so long I continued to use this email address on various websites (with the same password) and all of a sudden one data leak had made this information visible to someone who shouldn’t have my data. Luckily for me, this email address was no longer of use, along with the password, but this wouldn’t have been the same for many other users.

Another key piece of information I learned is how easy it is to be at fault for a data leak. During the course, we were given a video to watch where a bunch of students visited this pub and were made to sit around for 10-15 minutes. Of course, everyone used their phones and without any internet they had no choice but to connect to the public WIFI, without thinking of the repercussions (as I would have to). At the end of the 15 minutes, a stranger walked into the building speaking a loud to the students and calling out their names and revealing private information. He now had access to all of this personal data, just because the students connected to a public WIFI – which wasn’t secure. This links me to the next topic which is how working in security has impacted my life outside of work.

Altered Life due to Security

I’m not going to pretend I follow every precaution in my day-to-day life now, but learning about the risks of certain actions has definitely made me a lot more cautious throughout my everyday life. One of those actions would be rejecting cookies. Like everyone else oblivious to security, the only cookies I truly knew about were Maryland’s, therefore knowing the true process of accepting cookies on a website has made me a lot more sceptical when exploring the internet – one potential risk of accepting them is that you could inadvertently be tracked by the website user or any hackers.

A second huge mistake I was making was keeping the same password for every website! Right now, it screams common sense to have a different password for multiple accounts, as if one were to be breached then the hacker can access every single account of mine with the same password, but this wasn’t the case before. Even now, I wouldn’t label my previous self as being idiotic, because it’s just down to a lack of education in the risks that comes with certain actions online – for example, (what I do label as idiotic) there was an Instagram trend going around recently where people would share their personal information on their stories and encourage others to do it, in a way to ‘get to know me’. Again, to me now this is common sense, but this time last year, whilst I wouldn’t have taken part in it, I would see no problem in other people doing so.

Security is Everywhere!

Whilst this may seem like common sense, the everyday person won’t ever truly realise the extent to which security plays its part on them as individuals. A standout example I can think of is January 2023; I turned the TV on to support Liverpool, who were playing against Wolves in the FA Cup, but during the pre-show there was an incident where viewers could hear some very suspicious noises coming from the BBC press room, as Gary Lineker and other pundits attempted to speak louder and ignore it. Lineker later tweeted ‘Well we found this taped to the back of the set (a mobile device). As sabotage goes it was quite amusing’. And it was amusing, hilarious in fact, to everyone watching but from a security perspective it would be seriously alarming.

First of all, how did someone sneak a phone into the office, which was being broadcasted to millions, without a single person noticing? I believe this was very alarming that it happened to the BBC as it shows that even large organisations need to be on-top of their security! Football is the most popular sport in the world, therefore is at high risk for anything bad to happen; such as a potential terror attack, and whether it was down to Wolverhampton Wanderers or the BBC, there was a serious flaw in their physical security that day – so whoever’s responsibility it was to look after the security was lucky it was just a mobile phone that was undetected.

The Learning Never Ends

As a newbie this applies to me and anyone else starting in the security industry a lot more, as you can learn something new nearly every day. Whether it’s from reading a security report or being assigned with a task, you’re always picking up on new pieces of information. With that being said, from the numerous security events I’ve attended this year I still feel like the odd one out. Listening to the speakers going through their presentations, and understanding little to nothing, it can be somewhat demoralising. But this is okay, as I’m not supposed to be on the same level of knowledge as others who’ve had 10s of years of experience within the industry! Looking back, to around this time last year, I was still preparing for my interview trying to think of a way to remember IAO (I Anthony Orjally 😅), let’s fast track to now where I not only understand the acronym, but have gone through a training course to learn about the roles and responsibilities of an Information Asset Owner. This gives me the realisation that although it feels like I haven’t learned much in the past year, due to constantly comparing my level of knowledge with others, the reality is so much different.

To summarise, my first year working in security has been so much more of a breeze than expected. As someone who enjoys challenging themselves frequently, cybersecurity certainly was an anomaly and I felt a huge wave of anxiety when starting this job in the industry. But with hard work and having a willingness to learn I’ve outperformed my expectations and have felt comfortable whenever my role asks of me to become more technical, when going over security topics. For example; pulling stats from reports, typing up social media posts, writing out blogs, etc. On top of this, the learning from this role has helped me outside of work become a lot more cautious when inputting my data on the internet and as a result, has encouraged me to care a lot more for myself in that regard. Whilst, it can be stressful at times due to having a developing understanding, instead of telling yourself you don’t understand, you just have to do your tasks and only from that point will you gain any knowledge and a greater understanding of certain topics.