Cyber security (sometimes referred to as cybersecurity, information security, or information assurance) is a vast field combining psychology, mathematics, project management, computer engineering, system engineering, software engineering, system administration, sociology, and many other fields. The National Institute of Standards and Technology created a Career Pathway showing where many cybersecurity professionals start and what kinds of roles they may end up doing throughout a career, at https://www.cyberseek.org/pathway.html (NIST). There are, however, many in the field who have never been "computer experts".
Some of the areas someone new to the field begins studying include:
- Threats and Vulnerabilities
- Policy
- Encryption
- Reference Monitor
- Open Systems Interconnect (OSI) Model
- Topology
- Network Scanning
- Intrusion Detection
- Incident Response
- Privacy Goals
One assignment I found influential in enhancing my professional career was a deeper look into the concept of a reference monitor. I was engaged in this topic and included the paper in my blog section about it, here on this site, about the time I drafted this document. This assignment related to the Microsoft NT implementation of the Reference Monitor. You can see the blog posting about it here: https://waynefischer.weebly.com/blog/windows-nt-architecture-reference-monitor (Fischer, 2018).
Another valuable resource from this course was the book Computer Security Handbook by Bosworth, Kabay, & Whyne (2014). This book has continued to be a valuable reference book, as it contains hundreds of references to other published resources on any topic related to computer security that I find I want to investigate further. It is a two-volume series, but worth the investment for cyber security professionals.
Reflection
I chose these two artifacts above for personal reasons. I am already considered a senior computer professional, and I have been working in the cybersecurity industry specifically for many years, so I have been exposed to many of these concepts over the years. However, I have seen others believe that they have already mastered a specific topic, and I am also guilty of this; I foolishly thought I did not need to revisit the topics. For example, I have heard and learned about a Reference Monitor for years, and I have worked with Windows NT-based products for two decades, yet on my assignment where I researched the Windows NT Reference Monitor implementation I learned much more than I expected. This reminded me of an important professional lesson: there is always more we can learn, thus we are never an "expert".
In my experience, people tend to take their titles too seriously. A title does not make a person. A title describes a person's role, and when professionals get confused and believe that their title describes how much they know, they sometimes fall into a trap where they shut themselves off to learning more about topics they may have some experience with previously. This is a dangerous mindset, because it keeps a professional from learning more about topics, and it prevents them from sharing their knowledge with others. A professional who does not continually refresh, revisit, or practice the topics they learn will not maintain the level of competency required for their role, and may miss opportunities to improve upon their existing competencies. This is also another reason why the second artifact, the book required for this course, was important for my professional career.
The book, Computer Security Handbook, is not itself an overly remarkable textbook. The official CISSP exam books dive deeper into highly relevant topics as they relate to cybersecurity than either volume of this "two book" reference does at any given level. However, the book itself is an amazing reference book to even more resources on any topic discussed. Take for example the first chapter, "Brief History and Mission of Information System Security", which has nineteen references to further material (Bosworth, Kabay, & Whyne, 2014, p 1-21). Often, as I have learned in this program, the knowledge and the power come from the references provided by a document, which influenced or support the work referencing them.
Today computer-enabled persons do not have difficulty when searching for information at a shallow level, as we have highly curated search engines to use which can take us to resources to learn more about any given topic. However, what I often find is that the problem we humans have while searching with a resource such as Google search is not how or what to search for, but what words we should use to dive deep into an academically sound resource. There is also a challenge with any search on the Internet, as we get entrenched in confirmation bias, or the need to validate arguments, ideas, or to justify assumptions and rationalizations for specific statements, actions, or decisions. The textbook helped to expand well beyond the included information by providing hundreds of references in a large reference compendium at the end of each chapter of the textbook. This allows me to research further on specific topics I am interested in learning more about, and to learn what words are best suited to enter into search engines to find the correct information.
The ability to quickly find relevant information, and the ability to ensure that we as professionals do not close ourselves off to learning more on topics we have studied, are both critical skills to maintain. Not only that, but as a Certified Cyber Security Information Security Professional (CISSP), I am ethically bound to ensure that I have the most complete information regarding cybersecurity topics and that I maintain my current knowledge. These two aspects are the most important lessons I can bestow upon any future cybersecurity professionals: never stop learning, and validate and refer to the references!
References
- Bosworth, S., Kabay, M. E., & Whyne, E. (2014). Computer security handbook. Hoboken, NJ: John Wiley & Sons.
- Fischer, W. (2018, March 3). Windows NT Architecture Reference Monitor. Retrieved from https://waynefischer.weebly.com/blog/windows-nt-architecture-reference-monitor
- NIST. (n.d.). Cybersecurity Career Pathway. Retrieved from https://www.cyberseek.org/pathway.html