What does the future of IT and cybersecurity look like? How do you see yourself in that future? Do you have any idea how to position yourself to achieve it? We were fortunate enough to hear Steve MacLellan’s fascinating point of view in our Career Ambassador/ CyberWarrior Sessions.
The founder of Blue-Sky Management and Research shared encyclopedic knowledge of the current and future state of technology, its impact on the world, the role of cybersecurity, and some inspirational and valuable insight into how to best map your career plans and create clear professional goals for yourself.
From cybersecurity expert to CEO of his own consulting company, Mr. MacLellan holds an impressive resume. With more than 40 years of experience in cybersecurity, he explains that it is essential to “run where the pack is going to be on the field, rather than being where the ball was. It’s important on cybersecurity,” With this, he is just trying to illustrate the importance of understanding the present and knowing where the trends are going.
The Present – Training, APTs, and Remote Work.
McLellan explained how the present is a great challenge for cybersecurity professionals and how training is crucial. “Training is expensive, but not being trained is also expensive,” he said.
He talked about the Certified Ethical Hacker (CEH) Certification and how this is particularly important because people don’t have the time to go through 20 years of experience. “One of the things I urge you to do in your training is understand who is on the other end of the wire, doing these things to you,” MacLellan said. He indicates that cybersecurity professionals should learn to think like the attacker, paying particular attention to advanced persistent threats (APT) groups that receive direction and support from an established nation-state.
China, Russia, Iran, and North Korea are part of the nation-states that McLellan mentioned and said that the stolen NSA hacking tools had been a gift to these APT actors.
As an example, he mentioned the SolarWinds attack.
In early 2020, SolarWinds, a major US information technology firm, was the subject of a cyberattack that went undetected for 69 months (about six years). Their system, called “Orion,” is widely used by 33,000 companies and organizations, including the elite cybersecurity firm FireEye and the upper echelons of the US Government, such as the Department of Homeland Security and the Treasury Department.
Some top US officials believe these hackers are from Russia. From McLellan’s point of view, it could be seen as a direct attack from Russia to the US Government.
What happened with the company? They claimed that all happened because of the password that an intern set up, which was solarwindws123. MacLellan made clear how vital a good password policy is. “If a company has a good password policy, this shouldn’t be happening, and you can detect it. That’s the company’s problem, not the interns’ problem. The intern’s just there to do their job.”
“This was an exceptional nasty attack,” he said. Since the hack was done so stealthily and went undetected for so many months, he explained that some victims may never know if they were hacked or not, and we’ll never know the full extent of all of this.
Work from home
While over 70 percent of global employees work remotely at least once per week and full-time remote workers are increasingly common, there aren’t many resources that help address the cybersecurity risk introduced by remote work. So, Mr. McLellan shared some insights that enterprises could use:
- Provide employees with basic security knowledge.
- Provide employees with VPN access.
- Provision security protection.
- Run a password audit.
- Ensure the software is updated.
- Encourage the use of (secured, approved) cloud services.
- Reset default Wi-Fi router passwords.
- Mandatory backups.
- Use a Mobile Device Management (MDM) / Enterprise Mobility Management (EMM) solution.
- Develop contingency plans now.
- Foster community care for employees.
The Future – Where You’ll Spend the Rest of Your Career
According to McLellan, the future of cybersecurity will enable a new economy. He talked about five bullet points that can illustrate this future. These are:
Industry 4.0 and the new economy.
We’re heading to industry 4.0, the digital transformation of manufacturing/production, related sectors, and value creation processes. For McLellan, it represents a new stage in the organization and control of the industrial value chain. He explained that ‘smart machines’ form the basis of this 4.0 Industry and how these products and means of production get networked and can ‘communicate,’ enabling new ways of production, value creation, and real-time optimization.
- Acceleration towards Hybrid Clouds and Multi-Cloud (Barrier/Opportunity)
- according to McLellan, in the future, few enterprises commit to a 100% cloud deployment – especially with single vendors, and how each cloud vendor operational interface and capabilities are quite different, just like their security models.
- Systemic risks from growing dependency on the internet
- “Have you ever wondered what would happen if the internet went down for several days?” he asked. During recent decades, the world has become more digitalized and interconnected, creating new and important interdependencies. Hence, systems have come to rely critically on robust information and communications technology (ICT) infrastructures and the confidentiality, integrity and availability of data and systems.
- Understanding and taming artificial intelligence (AI)
- At the heart of the big tech companies’ agenda is the tenacious struggle for being the first to overcome the unsolved problems of AI and/or to achieve the goal of general artificial intelligence, a so-called strong AI, i.e., a machine capable to master or learn any task better than a human being. That’s why MacLellan urges to really understand and tame AI before this concept comes alive.
- Quantum computing – how to use it and making it secure
- Quantum computing will arrive sooner than expected. Enterprises need to prepare now for the potential threat of quantum computing, no matter how soon it arrives. And with quantum relying heavily on the cloud, securing against quantum attacks will take similar measures to securing the cloud. “Quantum threatens today’s privacy and encryption capabilities,” MacLellan said.
The golden question.
One of our Bootcamp students asked an interesting question to our career ambassador.
“I’m new to cybersecurity, but what do I need to have under consideration? What is it to people need to do to get ready to get a job?”
MacLellan: There are three things I always look for: 1) intelligence. You hire fine, smart people, and you can tell within the three first minutes if they are smart. 2) people that can work together: it is more important than you might think. People must listen, be empathetic, be sympathetic, and avoid conflict. 3) See if you bring some technical skills the team did not have: some programming skills, networking skills, etc.
A final message
McLellan assured that cybersecurity is a broad career with a lot of opportunities for all the people interested. But “it’s important to think broadly, get your hands dirty. Being hungry to do things has immense value. Once you land that first job and you say to yourself: ‘I don’t know what I did to deserve this,’ what you did was that you earned it.”
These CyberWarrior Sessions are exclusively for our bootcamp students. Are you interested in joining CyberWarrior Cybersecurity Bootcamp? Learn more here!