My Journey to Cyber Security

As a cybersecurity enthusiast, waking up to news of a massive cyber attack affecting over 230,000 individuals in over 150 countries was a jolt to my system. The name WannaCry was aptly chosen, as it felt like the world was on fire for security operations engineers everywhere. The question on everyone's mind was, where do we even begin?

It was no surprise that the attackers targeted Microsoft Windows OS, but what's concerning is that the main affected users were those who failed to update to the latest software. It's a sobering realisation that something as simple as ignoring software updates can lead to devastating consequences. That's why I've made it a personal mission to educate others about the importance of keeping their software up to date.

As someone with an engineering background, I understand requirements for a strong security posture in an organisation. However, I couldn't help but ask myself, how did over 200,000 computers get compromised? Didn't they have endpoint security protection? What really happened?

I learned that the attackers strategically launched WannaCry on a Friday afternoon, when people were getting ready for the weekend. Once they seized control of the Windows machines, they encrypted the files on the hard drive, making it impossible for users to access them. They then demanded ransom payment in cryptocurrency, typically in bitcoin, to decrypt the files. It's like kidnapping your data and demanding ransom for its safe return. This is not a scenario that companies, especially big corporations, have time for. They can't afford to have their dirty laundry (i.e., data) aired in public, and they must comply with regulations. So, when the attackers demand ransom, they often end up paying millions in bitcoin, a bad mistake but not a surprising one.

To me, the whole incident felt like a game, and I love games, especially hide and seek. Malware tends to use multiple techniques to evade detection tools, and I was intrigued by this. So, I decided to learn more about cybersecurity by buying a book on the subject. This opened up a whole new world for me.

I've spent the past two years learning everything I can about endpoint security and cloud security, attending workshops, and practicing my skills in labs and presentations. I've even had the opportunity to implement Proof of Value and Trials in organizations, which has been a valuable experience.

But my journey doesn't stop there. In fact, I have some ambitious goals for the future. I plan on obtaining my CISSP certification, as well as a Program Management Certification. I also intend to enroll in a Masters program focused on the Management of Technology. These certifications and programs will help me continue to grow and develop my skills as a cybersecurity professional.

As I look towards the future, I'm excited about the possibilities that lie ahead. The world of cybersecurity is constantly evolving, and I'm committed to staying ahead of the curve. So let's meet back here at the end of 2023 and see where this journey takes me. I'm confident it will be a wild and exciting ride.