All the opportunities for business growth in the current world revolve around technology.
Everyone working with technology has to be aware of the challenges that come with it. One of the main challenges that come with digitalization and e-commerce is dealing with security issues. However, most people think of hacking whenever cybersecurity is mentioned. But the truth is businesses are vulnerable in different dimensions. Other security concerns include unprecedented cyber espionage and data theft. Regardless of the intensity, the bottom line is any security issue has many negative implications for a company. For instance, the reputation of the company may be jeopardized, and it may also impose a financial burden on the company, especially due to outages and downtime. It also places customers’ and partners’ information at risk. For this reason, planning to safeguard a company’s network must be one of the topmost priorities today. Cybercrime is not a new story. We are surrounded all over by news of cybercrime on various media platforms. However, very little information on cybersecurity is known. According to the EY Global Information Security Survey (GISS) (2018), around 77 percent of organizations around the world have less secured networks. The worst part is that most of them do not have any clue where their assets or information are most vulnerable. At first, I did not understand how cybercrime could be perpetrated and cause massive destruction and losses. Although they appeared sophisticated, I still believed there could be solutions to the problem or at least there was something I could do in my capacity to bring change. Through this, my dream was not only to do right but to be part of the team that ensures that everything happens the way it is supposed to, and only that. Nothing else. I had the motivation to deliver technologies that are vital to propel businesses forward. This essay gives a clear reflection of my interest, journey, and aspirations in the cybersecurity profession.
Why ICT Security Professional
Choosing the cybersecurity path to me was more of a calling than compulsion because everything I connected with led me to computers. I was well aware of the demand and need for cybersecurity professionals in society and I knew it is one of the areas that are likely to have steady growth in the job market in the future. I was not only assured of better pay but was also sure that I had a greater opportunity for career advancement and I could pursue different roles that I was passionate about. Besides, being an all-around person, I dreaded routine and repeated assignments because I have always been explorative and keen to find new challenging assignments from time to time. I noticed this during my early years in class. I always wanted to get out of the box and do things differently. My teacher believed that I was a fast learner and explorative. Therefore, I have always grown with the desire of not settling for anything for a long time. Cybersecurity was the best platform to meet my desires because the profession itself branches into different fields like digital forensics, information security, social engineering among others. To me, this was what job satisfaction really meant, having the ability to find my space in the midst of my assignments to do what I love most.
Another reason why cybersecurity was the best option for me is that it is one of the professions that could lead me to any field around the world. Most companies depend on technology and therefore with a further increase in technology, there will be a demand for security professionals in any sector. Besides, I always believed getting into the field was too easy. I was only required to get started with some basic IT knowledge and relevant cybersecurity certification.
Nature of My Job
In general terms, I am largely an ethical hacker whose main aim is to unveil flaws and loopholes in security by hacking systems with permission. My main duty is to use skills similar to those used by unethical hackers to identify areas of potential vulnerability, find out the ways cybercriminals use to hack systems and get ready in case of any cyber attack. I believe that working as a penetration tester at Ultimum B.V is the right place for me since every day and every role feeds my passion and interest. It gives me a better opportunity to grab new skills every day. Generally, I am part of a team that values security and is focused on helping clients with the best security solutions. My role as a penetration tester is not only complex but fulfilling. It revolves around a simulation of cyber attacks against a computer system to check for any vulnerabilities. This works with the help of encapsulating CDN which is a direct gateway for all incoming traffic to the company’s web application. This, therefore, makes it possible to filter out any malicious attacks and entries like SQL injections.
My roles as a penetration tester are broken down into five major stages. First, I have to take part in planning and reconnaissance where I have to define the scope and goal of a test, the details of the system that need to be addressed and the most appropriate testing method to be used. This is usually the basis of gathering intelligence, understanding how a network works and the potential risks. Second, I usually scan the target application for any attempts by an intruder. This is usually through a static analysis of the application code to understand its operation behavior as well as the dynamic analysis that entails a deeper examination of the running state of an application to know the performance of a system. The third step after scanning is to get access to the application to identify and expose application attacks like backdoors and scripting. I then exploit these risks by streaming data, for example those interfering with traffic, to get a better idea of the potential effects of the invasions. Fourth, I have to continuously monitor the exploited application systems to try and copy those that do not easily leave the system. Lastly, I have to analyze and give comprehensive results of every penetration test. The report usually contains details of the threats identified, a report on whether any important data was accessed or interfered with, and the time taken. According to Bertoglio & Zorzo (2017), my role as a penetration tester is not only important for locating vulnerable spots and exploiting them, but also helps the organization find the weaknesses of the hardware and software, then helps the company to develop controls. Penetration testing also ensures that the controls in place are effective and well implemented and locates new bugs in the software.
Working for Ultimum B.V Company’s Security Service has taught me one major lesson.
Being a security professional is not a walk in the park. It requires a deep understanding of technology, strategic plans and cyber laws (Bertoglio & Zorzo, 2017). I have learned the fact that any successful security operation is a team effort and requires the contribution of different people within the company including ICT experts, business specialists and regulatory bodies. This coordination is the best environment to tackle any form of cyber challenges. It also simplifies and facilitates all security processes. The concept of collaboration is strongly affirmed by Hui et al. (2014), according to whom sharing information is important because in most cases, cybersecurity analysts are usually distributed and they face an almost similar set of tasks of defending the network infrastructure. However, one of the disadvantages of collaboration is the conflict of interest. Not all security analysts are usually interested in the same kind of information. Hui et al. (2014), however, recommend an architecture that consists of a feedback loop between analysts and the system.
Our organisation values team effort and most tasks are grouped according to team ability.
Therefore, Ultimum B.V is a team-based lateral structure where employees are grouped into teams that perform the same job functions. Research shows that team effort is substantial in team performance. Tuckman’s model clearly brings out the phases that lead to the performance of the roles of a team in Ultimum B.V. Company. According to Tuckman, with time, relationships within a team become established as maturity and abilities develop. The team dynamics begin with directing style, to coaching, participating and finally finishing the assignment. At completion, the group can be easily detached. This progression in team behavior and leadership style is the real picture at Ultimum B.V, which is reflected in different ways. First, during the forming stage, the management plays a dominant role in guiding the team because in most cases, our roles are not well defined, and the team’s members are unfamiliar with each other and with what is required of them. Second, as we get serious into business, team members push themselves against the limitation of teams especially with differing approaches to ethical hacking. I must admit that sometimes we lack a common ground of reference. Each team member has a different role in the organization’s network and they use different terms that may not be common to other members of the team. Tuckman refers to this stage as the storming stage. Third, team members gradually get into the normative stage when the management steps in as a position of authority. The management representative is usually the team leader or supervisor chosen by the management to ensure effective completion of assignments. Through the group leader, differences are also resolved and team members start to appreciate other people’s views and ideas. Fourth, the team gets into work without conflict and puts in their best efforts in completing the assignments. At this point, the group can either be disbanded or further split to perform other available tasks.
Team Goals and Vision
The immediate goal is to deliver the best we can at Ultimum B.V. We do not take the opportunity the company has entrusted us with for granted and our drive is to bring the best out of it. Our aim is to make use of new skills to bring about innovation and to be an element of change within the company. However, we do not limit ourselves to helping secure Information Systems by performing penetration tests and security audits but we have a dream of being part of the analytical security research. I desire to be part of the team that oversees the viability of any form of investment towards aligning the business goals and objectives as well as minimizing risks.
This too is possible if we remain focused, build relationships as much as we can, accept new responsibilities assigned to us and be more trustworthy.
One of the lessons I learned is that being an information technology professional requires a deep investment in knowledge. This is also part of our plans. We aspire to improve our current skills by taking advantage of all trainings and workshops arranged in the company. The most important skill set that we should work on includes programming skills, problem-solving, networking, communication and database knowledge.
Ultimum B.V does not limit our ability. Therefore, our aspirations are not only tied to personal advancement and the growth of the company but also to helping bring forth changes to a larger society and helping to minimize cybercrime, since we believe that an informed community is the basis of a sustainable security culture. However, this initiative has to start from the influence we make on the people. We aim to find ways of instilling the concept that security belongs to everyone to encourage responsibility. We have to speak about the importance of security at every level. Awareness and sensitization are also vital tools for teaching lessons on cyber security in most social gatherings. These lessons are likely to equip people to make secure products and services.
Management at Ultimum B.V.
The management of our organization takes up different roles every time depending on the nature of tasks. Management at Ultimum B.V is in line with Quinn’s model of competing values framework, where the conception of effectiveness depends on two major dimensions. First, the focus on the internal structure, welfare and development of employees to the external focus on organizational development. Second, the differences between the organizational preference for a structure, which is a representation of the contrast between stability, control, and flexibility (Cameron, 2011). According to Quinn, the most effective leaders usually practice all these roles while meeting the demands and expectations that come with each role. The main relations model explains the role of the manager to be a facilitator and mentor. It emphasizes commitment.
This is what I have witnessed within our organization. The managers value participation, and they are keen to build cohesion by resolving any form of conflicts within the organization. They are mainly concerned with facilitating the key security processes which are the core mandate of the company. Most of the time the manager is focused on the personal development of employees. I have seen people leave the company better, experienced and with more skills than when they got in. On the other hand, the open system model looks at leadership from the perspective of a dynamic world where leaders have to make smart and timely decisions regardless of the limitation of time required to devote themselves to planning the organization’s issues. The emphasis, therefore, is on creativity and innovation. This is also the situation in Ultimum B.V where managers have a strong influence on employees through persuasion. The rational goal model emphasizes profitability and productivity. This is also witnessed at Ultimum B.V where managers are productive and strongly motivated to generate profit while also maintaining the reputation of the company. Lastly, according to the internal processes model, the criteria for effective management are stability and continuity. At Ultimum, procedures and processes on security issues have to follow a specific order. In case of conflict, the chain of command is also considered when solving issues. These processes maintain order within Ultimum B.V and promote stability.
Supervision in my department can be well described as laissez-faire. Most of the roles and duties we perform are under very minimal supervision and control. In fact, in most cases the opinions my team members bring on board are implemented without too much scrutiny, questioning and influence from the management. The supervisor only gets in to monitor, to check the progress of our role and in case he wants to give a new assignment (Namiq, 2018). In my present role, I am accountable to the head of the security department who is also my supervisor. This, therefore, means I have to report everything I do and I also get feedback from him. Most of the feedback I receive usually includes achievements the organization has made through me, reasons why my role exists, the areas I am currently doing well in and those that I need to improve on, and my impact on different stakeholders within the organization. I value feedback and I always take it as an opportunity for growth. I also feel valued and appreciated by my superiors. I have learned to remain within the course of the company’s goals and mission when creating strategies and improving some areas within the organization through the feedback I receive.
Management is equally by listening and consensus with employees rather than control. It is referred to as Management by Walking Around (MBWA). In this type of management style, the main concept is to monitor the team and create a relationship with them for the success of the organization. However, managers remain the counselors and directors of processes within the organization (Tucker & Singer, 2013). There are key aspects that make the MBWA model applicable in Ultimum B.V. First, supervisors are not usually confined to their desks. They interact with team members without any prior arrangement at any time of the day. Second, conversing with supervisors is as easy as talking to friends. The discussions are sometimes informal but aligned to the goal of the assignment. I have noted that my supervisor is not only focused on giving feedback but is always keen to gather our opinions on issues. Third, it is easy to get help from the supervisors. My supervisor, for instance, is an expert in ethical hacking techniques. I have seen him get to work with us especially in matters that require an urgent and advanced response and expertise. This has greatly helped in motivating performance because most of the employees support this type of management style.
According to Li et al. (2016), information technology security personnel are part of the solution for companies. They, therefore, need to be always strategic and creative by getting in front of the problem and finding fast solutions. For the few years I have worked with Ultimum B.V. Company, there has never been a one-size-fits-all mechanism of dealing with security issues within networks. I have learned that creativity and adaptability to every new technological change and the threats is the best approach. I have always made an effort to ensure that every working experience at Ultimum B.V. Company gives me an opportunity to familiarize myself with the business systems and to know the most vulnerable areas.
Changes are part of the routine at Ultimum B.V. The changes are sometimes planned or unplanned so we are always prepared because our job is about finding the best possible security solutions. Therefore, employees do not question change as deeply as they should regardless of the timing. Instead, they are keen to bring in ideas and suggestions to make the changes more adaptable. However, in most cases, change has always altered the status quo and brought in new opportunities for reflection. For instance, when a supervisor asks, ‘How best can we solve it?’, the question drives solutions away from routine and calls for other creative approaches.
However, some changes, especially those implemented without enough consultation, bring in confusion because they do not create room for improvements and sometimes make team members question the real objectives that should guide operations.
Lewin’s Change Management Model is the most common approach used at Ultimum B.V by both team members and the supervisor. According to Lewin’s Model, change is split into three stages of management: unfreezing, making changes and refreezing (Hussain et al., 2018). Employees at Ultimum B.V are cultured to acknowledge that changes must take place and they therefore easily unfreeze from normal processes to get a new approach to situations. This has helped in eliminating any form of bias, rigidity and resentment. The unfreezing process is like a preparation for all forms of changes the organization implements. During the real change, Ultimum B.V has a culture of giving extra training where needed to make the transition process easy and adaptable. After the implementation of a change, the last step is to refreeze the new status quo. During this stage, Ultimum B.V works to ensure old traditions and norms do not resurface again. The organization has a regular review system to follow up on implementation until the new changes become a tradition (Hussain et al., 2018).
Lewin’s change model is the most relevant for Ultimum B.V considering the nature of the industry. One thing about cybercrime is that it is revolutionary and it gets more complicated with time. Therefore, the business approach to solving security issues has to be flexible and drastically change for the better. Using Lewin’s model as an approach for implementing change at Ultimum B.V has immediate effects on the objectives and cooperation between team members. First, it helps the organization to stay relevant and aligned to its goals (Hussain et al., 2018). During the unfreezing stage, the organization surveys the situation on the ground to understand the changes that need to take place and reasons for the change. All these processes use the organization’s strategy and visions as supporting evidence. Second, the fact that the model involves a lot of communication and analysis of how the change will affect everyone, provides a chance for employees to participate and establishes a reward system is a motivating factor since team members feel that they are also part of the change (Hussain et al., 2018). This not only encourages team effort but also fosters an environment for unity and participation in implementing new policies.
My Role in Collaboration with Others
It is clear that security jobs do not scale up. Instead, most roles get tougher with each passing day. In my experience, this work demands the utmost focus and expertise. This difficulty is due to several reasons. First, there is a growing volume of cyber-attacks. The irony is we still rely on manual and old processes for data interpretation, which can be ineffective given the complexity in the nature of attacks. Besides, the growing scale of these security alerts is usually too much for us to handle on our own.
I have learned to be confidential because I get access to a lot of important company information. I have also learned to work on my attitude. Most of my assignments involve long hours of working behind a computer which is usually stressful. Despite all the pressure, I have always been positive, committed to my position, courageous in innovating ideas and having a helping spirit towards my colleagues and clients.
The best accomplishment in any position is when one delivers beyond the expected or when one goes out of his or her way to have a task done for a company. Looking back, I cannot help but appreciate all the challenges that come with this role. I view it as a major step to great accomplishment that I would not have made in any other professional field. This is due to a number of reasons. First, I am now adept at IoT security. I am able to develop countermeasures by seeking and analyzing potential threats. Through all this, my communication, decision-making and time management skills are all getting better daily.
Second, locating weaknesses and pinpointing likely targets of cyber attackers has been the highlight of my success. I have successfully managed to incorporate a combined approach in vulnerability assessment like hardware troubleshooting, software installation, and pact management of the network security. Above everything else, I have contributed to various cyber initiatives and prevented several crimes. As Gerami (2018) mentions, the general security of any business network is not only determined by pointing out and evaluating the number of vulnerabilities, but also by a deeper understanding of how these vulnerabilities can be staged to cause an attack. This is usually the most important initiative in crime prevention. This is what motivates me more, knowing that my everyday effort saves companies and organizations from attacks. It is more appealing and fulfilling to know that my efforts not only prevent the loss of important data but also save businesses from costly delays in production, thereby preserving the reputation of a company. All these successes are attributed to the role my supervisors play as well as the commitment of my team members.
Through my learning and working experience, I can now look back and realize that my role as an IT security analyst is vital. Today I not only understand the basic security aspect but I also practice it. I am more confident that choosing the path that excites me was the best decision ever. However, from this reflection, there is one major concept that emerges. Being a security specialist, especially in information technology, is not an easy task. It also includes the zeal and desire to become better by constantly improving oneself with the latest technological changes and updates on security issues around the world. Some of the challenges I experience are the long working hours, the big workload and sometimes lack of understanding with other IT professionals. With these challenges came strengths that I found out about myself. I found out that I am creative, resilient and always motivated to bring out the best in my roles. However, I still believe I have not yet accomplished my dream in my career. I aim to not only advance my skills but also be an instrument for creating awareness in the community on cybersecurity for a better world.
- Bertoglio, D. D., & Zorzo, A. F. (2017). Overview and open issues on penetration test. Journal of the Brazilian Computer Society, 23(2). Retrieved from https://doi.org/10.1186/s13173-017-0051-1
- Cameron, K. (2011). An Introduction to the Competing Values Framework. Retrieved from http://www.thercfgroup.com/files/resources/an_introduction_to_the_competing_values_framework.pdf
- EY Global Information Security Survey 2018–19 (2018). Retrieved from https://www.ey.com/gl/en/issues/governance-and-reporting/center-for-board-matters/ey-understanding-the-cybersecurity-threat
- Gerami, M. (2018). Impact of Cyber threats on business profitability. Iran.
- Hui, P., Bruce, J., Gregory, M., Best, D., Fink, G., McGrath, L., & Endert, A. (2014). Towards efficient collaboration in Cyber Security. International Symposium on Collaborative Technologies and Systems.
- Hussain, S. T., Haider, M. J., Lei, S., Hussain, S. H., & Ali, M. (2018, September–December). Kurt Lewin’s change model: A critical review of the role of leadership and employee involvement in organizational change. Journal of Innovation and Knowledge, 3(3), 123-127. doi: https://doi.org/10.1016/j.jik.2016.07.002
- Li, L., Xu, L., Hu, W., & Chen, Y. (2016). Cyber Security awareness and its impacts on employee behaviour. In Research and practical issues of enterprise information system (pp. 103–111). Vienna, Austria: Confenis.
- Namiq, F. A. (2018). Most effective management style for modern. International Journal of Engineering and Management Sciences, 3(3). doi: 10.21791/IJEMS.2018.3.33.
- Tucker, A. L., & Singer, S. J. (2013). The Effectiveness of Management-By-Walking-Around: A Randomized Field Study. Harvard Business School.