CYBERSECURITY & HOW TO PROTECT YOUR DATA

For normal people, November 30th is a day that might be spent munching on Thanksgiving leftovers, or getting into the holiday spirit. But for us at Code2College, we’re celebrating something a little different – Computer Security Day! (we promise it’s a lot cooler than it sounds)

With our lives entirely reliant on technology, it’s paramount that we know how to keep all of our sensitive information secure. So for this #ComputerSecurity Day, we spoke with a cybersecurity specialist – whose work is so sensitive that their employer requested they remain anonymous! – to shine some light on the cybersecurity field and the actions we can take to keep our computers hacker-free.

For sake of clarity, we’ll refer to our cybersecurity specialist as “John”. Answers have been edited for clarity.

Code2College: Thanks for talking with us John! Can you tell us what cybersecurity is?

JOHN: Sure! A lot of people think cybersecurity is just hacking, but it’s so broad – it took me a while to find what I wanted to do within it! But the whole of cybersecurity deals with what we call the CIA triad: the Confidentiality, Integrity and Availability of data. So we want to make sure that we protect the data, that the data is the correct data, and that the data is available to the people that need it. That’s the first thing students learn about in cybersecurity. 

The CIA Triad is composed of three concepts foundational to cybersecurity.

In terms of jobs, cybersecurity can generally be broken down into the Red Team, the attackers, and the Blue Team, the defenders. The Red Team is where you’ll find the hackers, some of whom are pen testers (short for penetration testers). Companies will give pen testers a timeframe during which they can break into their building to steal their security – basically a legalized break-in! But pen testers can leave things too, in the hope that people might use them and just try to gather as much data as they can. The Blue Team has the people who are on the lookout for anomalies in data systems, who alert the team when they see things coming in and try to stop whatever it is. There are lots of different people in the Red Teams and Blue Teams, but those are just a few examples.

Code2College: What do you do in cybersecurity?

JOHN: I’m in Information Security, which is kind of a combination of the Red Team and Blue Team. We sometimes refer to it as the “Purple Team.” But we look at data and ask, “how can we keep this safe from attack while also making sure it’s really accessible to the people that need it?” My organization helps prevent ransomware attacks for other organizations and provides support to organizations who find themselves in the middle of a ransomware attack. So we’ll help them get back online, block the attacking IP addresses statewide, and provide them with cybersecurity awareness and training so that something like that won’t happen again. 

I’m on the cybersecurity awareness and training team, so I help communicate the importance of all the preventive actions we tell you to take. Once a month I’ll host tabletop exercises with a variety of people where the experience itself gives people an experiential understanding of the importance of information security.

“There’s a huge need for cybersecurity professionals, and there are so many different things you can do in the field. There will be a learning curve, but the effort is worth it.”

Code2College: Well, that makes you the perfect person to tell us how to keep our computers hacker-free! But before we get there, we have to ask – what’s your favorite cybersecurity story?

JOHN: When I was in school pursuing cybersecurity, my instructor who worked for a cybersecurity organization brought his colleague to class. This was all remote because it was during COVID, so we could see everyone’s screens. The colleague found the contact information of a scammer who tried to hack his computer. In front of all of us, he starts a conversation with this scammer and gets a link from him that the colleague reverse engineered. So once the scammer clicked it, the colleague got into the scammer’s computer and wiped it clean! It was crazy. I’m not talented enough to do that, but it was pretty cool to see – that was also my second week of class!

Code2College: That is crazy! So what are the steps we can take to keep our computer hacker-free?

JOHN: #1 Always check the sender’s email address. If it has spelling errors, that is not a good sign. On a similar note: 

#2 Scan the email for spelling errors. Spelling errors can signify that something is coming from a non-American entity. Not always, but it’s a possibility. 

#3 Hover your mouse over the link. A preview of the link address will come up. Make sure it shows it’s a verified website. If it isn’t, do not click it. Trust your gut!

#4 Use a password manager. Never let your browser save your passwords. A password manager like Bitwarden or Lastpass will save and protect all kinds of passwords for as many websites as you want. Some have password generators and will automatically save those passwords for you. 

#5 Find out what your employer’s protocol is if your information is vulnerable or compromised. Talk to your tech people at work and ask things like, “What do we do if my work computer is lost or stolen?” or “What is my responsibility in the event of a cyber incident?” This can help an entire company or organization know what to do just in case something does happen.

Code2College: This is all fantastic advice! What’s your advice for those interested in pursuing a career in cybersecurity?

JOHN: There’s a huge need for cybersecurity professionals, and there are so many different things you can do in the field. But the hardest part will be getting your first job, because you have to prove that you’re good at what you do. In my first cybersecurity interview, I just got smacked around. It wasn’t even over when I said, “I know you’re not going to hire me because I’m not ready. But I learned so much and I know how to prepare better next time,” and then I asked them for feedback. And that’s okay! So don’t get frustrated. Like anything in life, there will be a learning curve, but the effort is worth it if this work is meaningful to you.

If you’re a high school student interested in learning more about cybersecurity – talk to us! Our skills-based volunteers come from a wide range of technical backgrounds and careers, cybersecurity included!