Things I Do to Stay Relevant in the Tech/Cybersecurity Industry

I have been working in the tech industry for more than 10 years, the past few of them in the cybersecurity space. It's been a great journey so far. But the tech and cybersecurity industries are like our galaxy. There are so many categories inside them and so many things to learn (this is what excites me, actually; every day is a learning day).


It's undeniable that the industry evolves fast every day. New innovations are always appearing on the market. That's why we, tech/cybersecurity workers, need to stay relevant as well. Here are a few things I do to stay relevant in the fast-moving tech and cybersecurity industry.


1. Connect with people and follow relevant organisations/groups on LinkedIn

I got so many benefits from my circle on LinkedIn. I got to know about new vulnerabilities, new feature updates or relevant events from posts that members of my circle posted, liked or shared. You'll be surprised by how information-rich your LinkedIn feed can be.


2. Join relevant physical events and network with fellow professionals

I personally joined my professional body's local chapter and I've learned a lot from other experts. I got so many other opportunities as well, which I wouldn't have gotten if I had never joined the chapter, like hosting relevant events locally and regionally, both physically and virtually. And it has expanded my network too, which I am grateful for. When I was affected by a layoff last year, so many people reached out to me and extended their help.


3. Keep checking on job vacancies although you're not looking for a change

I have always done this, and I still do. Not only do I get a glimpse of the salary market, but I also see which skills the market needs for my current role or my next target role. This helps me decide which skills to polish over the next 1-2 years. By then, when I'm on the lookout for a new job/opportunity, I know that I'm ready for my jump.


I hope my two cents above are useful to you. I'm interested to know what else you do to stay relevant in your industry. Feel free to share!

The importance of cybersecurity awareness programs and how they can be your first defense against cyber attacks

Cyber attacks are getting more sophisticated and growing in number every day. Small and medium businesses and healthcare are the new targets of cyber threat actors. Big companies are not escaping attacks either. A lot of cyber attacks in the form of phishing and social engineering have been the main concern in the industry. This is why it's important that all staff in your company are well equipped with knowledge of various cyber attacks and of how to protect themselves and the company. Cybersecurity awareness programs, if done consistently and in the right way, can provide the company with a strong defense against various cyber attacks.

There are a few things that a company can start doing to boost its cybersecurity posture, such as running effective phishing campaigns, launching a periodic cybersecurity awareness newsletter, reviewing and socializing the company's security policies, and holding targeted cybersecurity training for specific groups of staff.

Effective Phishing Campaigns

To be effective, phishing campaigns must pick up recent trending topics and be designed as close as possible to actual emails, so that staff would naturally think they are legitimate and "fall" for the suggested actions, such as clicking links, opening attachments or providing their credentials. Once the campaign ends, you can then send a campaign closure email to all staff and include some "hints" to help them identify phishing emails.

Cybersecurity Awareness Newsletter

It's good to have a periodic newsletter that covers various domains of cybersecurity and reminds all staff of the company's acceptable use policy. These newsletters remind all staff of what they can and can't do while they are employed by your company and handling the company's data.

Company's Security Policies

It is important to establish policies within the company as operational guidelines to safeguard the company's business continuity. Policies usually contain general clauses; standard or procedure documents can be created to hold more detailed information related to the policies.

Targeted Cybersecurity Training Programs

Various training programs can be set up with relevant content for different groups of people in the company. For example, you can set up a secure coding practice workshop for the developer team or a third-party risk assessment workshop for the procurement or sourcing team.

Cybersecurity awareness programs can be your first defense method in countering cyber threats. You can always start small by creating a few basic policies, publishing some security-related newsletters or posters, or launching a few simple phishing campaigns. Once you have taken the first steps, you can review the results and consider improvements for the next steps.

How Small and Medium Businesses Can Improve Their Cybersecurity Posture

 


As a small business, you may not realize just how vulnerable your organization is to cyberattacks. A cyberattack can damage your business' reputation, disrupt operations and even lead to financial losses.

To protect your business, follow these tips:

1. Train your employees on best practices. A lack of cybersecurity awareness among employees can lead to compromised accounts and stolen data. Ensure that all employees understand your organization's security policies. You should also train your employees to recognize phishing emails and other forms of social engineering attacks.

2. Invest in tools that limit information loss, monitor your third-party risk and fourth-party risk exposure, and help you respond to incidents effectively. A comprehensive incident response plan can also help you minimize business disruption if an attack occurs. These tools and plans can also help you better manage compliance requirements and meet other industry regulations.

3. Develop an incident response plan. Incident response plans should address how your organization will respond to a cybersecurity incident. They should cover not only technical responses, but also legal, public relations, and executive communications. The plan should include appropriate communication steps for informing employees, customers, and third parties about the status of the incident and how the organization is responding.

4. Implement secure systems. You should ensure that all of your critical IT systems are properly secured to reduce the risk of data breaches and other attacks. End-user systems should at least be protected by anti-virus. Servers should be behind a strong firewall, which should be updated regularly with the latest security patches and firmware. Passwords should be complex and changed regularly. Backups should be regularly tested to ensure data can be restored quickly in the event of an attack.

5. Conduct regular risk assessments. Conducting regular risk assessments can help you identify potential risks and secure your sensitive data. You should conduct risk assessments on all of your systems, including computer systems, wireless networks, physical systems and mobile devices.

6. Implement multi-factor authentication where possible as an additional layer of protection, including for remote access, privileged users and critical assets. Most passwords can be easily cracked using password cracking tools or brute force attacks. Using multi-factor authentication can help protect your accounts from being hacked. In addition, it can also help reduce your risk of a data breach by limiting access to systems and data by unauthorized users.

Quiet Quitting in Cybersecurity May Not Work for Women


Quiet quitting has become a trend recently. Basically, people are doing just the bare minimum at work because they've been experiencing burnout as a result of COVID's work-from-home culture, which blurs the boundaries between work and life.

To be honest, this is not something new. I've encountered some people with this quiet quitting attitude at my previous workplace. They don't bother to pick up new projects to showcase their leadership or skills. They're not after career advancement and they're content with where they are now.

But can we do quiet quitting if we work in the cybersecurity field, especially as women? Firstly, women in cybersecurity are outnumbered by men and they're treated unequally. Women are often assigned non-meaningful tasks which don't contribute to their performance review or career advancement.

What I'm saying is that women are already in an unfair place to begin with. I know women are in general burnt out because they need to take care of both career and house chores. And joining the trend of quiet quitting seems tempting. But I believe it'll have greater consequences for women if they quiet quit, compared to men.

When women do quiet quitting, they will be labelled as slackers or underperformers. There's a bias that weighs towards a bad impression once women stop doing extra. Unfortunately, this won't do women any good for their career advancement. Women will get pushed away from promotion although they're actually more capable than their male coworkers.

What can women do?

I won't suggest that women take up more work when they're already burnt out and barely surviving. I suggest that women continue working smarter, not harder. As much as possible, advocate for your work and yourself at work. Speak up when you have better ideas and don't be afraid to be wrong (this is how you increase your visibility). Have a growth mindset and think of challenges as improvement opportunities.



Preparing for CISSP Exam

I'm currently in the midst of preparing for the CISSP exam. I have been contemplating since last year whether I should go for the CISSP exam (in the end I did my CCSP and I passed - read my post on the preparation here). This year I decided to prepare and take the CISSP exam.


Why do I want to take the CISSP exam?

1. High Paying Jobs

I read many articles which mentioned that CISSP is always among the top 5 cybersecurity certifications for high-paying jobs.

2. Improving my cybersecurity knowledge

As a beginner in the cybersecurity field, I definitely have a lot to catch up on. My other intention is that, as I prepare for CISSP, I can actually brush up my cybersecurity knowledge and fill the gaps that I have as much as possible.


What materials do I use to prepare for the CISSP exam?

1. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide

I bought the book and have been reading it since the beginning of my preparation. I think the book has a good structure and there's definitely a lot of information in it. I think this book can be considered the holy grail for people who are preparing for CISSP.



2. LinkedIn Learning

I'm fortunate that my company provides a LinkedIn Learning subscription to staff, so I actually watch the CISSP course by the same book author, Mike Chapple.


How to earn extra CPEs to maintain your (ISC)2 certification



Once you get certified, it doesn't mean that you can sit back and relax.

There is a requirement of 90 CPEs within 3 years to maintain your (ISC)2 certification.

Of course there are various ways to earn your CPEs. In this post, I would like to introduce you to free CPEs which you can earn in your spare time.

(ISC)2 Immersive Course

(ISC)2 provides various immersive courses on their website. They are free for members and there are some courses in other languages too.


I did take one of them and it took me around 6 hours to complete. I got 4 CPEs from this one immersive course.

So it's worth taking these immersive courses if you need extra CPEs.

My experience transferring money internationally using Wise

I want to share my experience with everyone on transferring money internationally using Wise. I've been away from my home country for a while now and often need to send money back to my parents occasionally. It was quite a painful process before Wise (previously TransferWise. Yes, I've been their customer since before they changed their name).

Remitting money via banks or remittance services in Singapore is very tedious for me. Another point: the rates are not that good. Often they'll charge an additional service fee that may eat into the amount of money that you're going to send.

When Wise came up, I was originally skeptical about the service and whether they could be trusted. Anyway, I did try out Wise with a small amount of money first as a trial to understand their process and to check out their rates.

A few features that I like about Wise:

1. You can check the rate in real time and it's guaranteed for a certain period of time.

2. You know how much you pay for the transfer fee and it's quite low compared to the banks.

3. You can see the fluctuation of the exchange rate in a graph.

4. You know when the money will arrive in the recipient's bank account.

5. When there's an issue with your transaction, Wise will return your money fully, except any fee incurred for transferring from your bank account to your Wise account, if any.

6. There's a flowchart shown for your transaction as well so you know the current status of your transaction.




And Wise is regulated by the Monetary Authority of Singapore (MAS) and many other countries' authorities.

I've transferred big amounts of money to Indonesia and Canada so far and the experience is easy and fast.

If you want a fuss-free cross-border transfer experience, try Wise.



