Cybersecurity Fundamentals
Course Summary
USD CSOL500 is titled Cybersecurity Fundamentals and was my first course in the Cybersecurity Operations and Leadership program. This class proved to be a welcome and helpful introduction to the academic study of cybersecurity. This course was the only survey course in the program and did an excellent job outlining many of the topics and issues to come, such as vulnerability management, emerging technologies such as cloud systems, access control modeling, the reference monitor conceptual model, basic network design, and designing a basic security system with a particular business in mind. As much as it was an academic introduction to the cybersecurity field, CSOL500 was also a reintroduction to the discipline of academic research and writing. I am amazed at the quantity and diversity of topics I have had the opportunity to write on throughout this program. I believe both the writing and research practices this and other courses taught will serve me well in my professional and academic future.
Reflection: Top Cloud Vulnerabilities and Cloud-Native Risks
It is said that the only constant is change. This thesis certainly proves true in the cybersecurity community. I am thrilled to have had the opportunity to observe several different sea changes in the information technology and cybersecurity industries over the years. First, technology advanced from proprietary Unix systems to commodity x86 Linux systems and then from x86 to virtualized x86 Linux and Windows. Finally, in the last decade, the cloud has become a dominant force in the cybersecurity world.
What does all this change mean for the cybersecurity professional? First, we must recognize that the cybersecurity professional must constantly adapt to changes in standards, technologies, processes, and threats. This assignment emphasizes this in requiring the learner to research specific risks to the cloud. They say every cloud has a silver lining, and this is certainly true here. The silver lining with cloud for tenured professionals was that many of the skillsets and controls developed for on-premises data centers translate to the new era. Vulnerability management, configuration management, and availability considerations are still as relevant as ever in the cloud, and many of the same controls still apply or can be extended to meet new challenges by creative cybersecurity practitioners. Compliance, training, and inventory have never been more important. We must bring some new tools to the shop to evaluate SaaS offerings and deal with cloud data sovereignty issues, but these challenges are certainly attainable.
The cybersecurity professional has a professional and ethical responsibility to be an ongoing learner and researcher. The last thing a cybersecurity organization wants is to be a boat anchor that is soon to be cast off, given the drag it is causing the organization. Cybersecurity leaders are always reading, always learning, and must do their professional and ethical best to adapt to new trends while often having to be a voice of reason when proper security is not available yet. The role of a cybersecurity leader is a challenging one indeed.
Reflection: Innovation Lab Strategy and Architecture
The Innovation Lab Strategy and Architecture assignment was a fun and challenging conclusion to the CSOL program’s first course. The challenge was to design a corporate innovation lab in such a way as to facilitate maximum creativity and freedom in a traditionally locked-down organization. At the Lab, third-party partners would interface with employees to develop new solutions. Some access to corporate data is required, but most data is to be kept cordoned off.
This sort of challenge is a close analog to the difficult scenarios that cybersecurity professionals face. They are required to align with the business and show a measure of risk reduction to prove value. Traditionally, many cybersecurity groups have the reputation of being the “no” people such that new and innovative solutions could not be brought into the organization.
This paper and others following discuss tradeoffs and risk management. The role of the cybersecurity professional is to provide an honest assessment of the risks to the organization when new systems and services are brought online, as well as to identify areas in which cybersecurity innovation can occur. Sometimes the security leader will be required to recommend against a technology given organizational risk appetite and objectives. They may, in fact, have an ethical responsibility to do so based on the need to protect important data, business systems, or even life safety technologies that some organizations deal with. In this case, creativity becomes even more important in that alternatives are needed to meet the same overarching objectives.
Cybersecurity is part science and part art. It requires technical understanding, excellent communication skills, business acumen, and ethical consideration. This is why it is helpful for the learner to consider similar concerns beforehand while preparing to address the security challenges of the future.