Can you tell me a bit about your background and your current role?
I have completed my B.Sc in Electrical and Electronics Engineering and M.Sc in Electronics and Telecommunication Engineering. I have more than 6 years of experience working in the cybersecurity industry. I am one of the recipients of the Cisco global cybersecurity scholarship and completed my certifications in Cisco security fundamentals and Cisco security operations. I have worked as a program committee member for the APNIC49, APNIC50, APNIC51, sdnog4 and bdnog12 conferences. I spoke in security sessions of APNIC42 (FIRST TC) in Sri Lanka and APNIC45 in Nepal. I am a recipient of multiple fellowships from APNIC, IETF, ICANN and APrIGF, where I got to attend network security workshops and conferences. At APrIGF I facilitated a workshop on Cybersecurity Incident Role Play. I have multiple professional certifications like CCNA, RHCSA, RHCE, CEHv9, ECSA, CCNA (Security FND and Operations). I have contributed multiple APNIC blogs advocating Women in ICT and have moderated the Women in ICT session at APNIC50. In 2017, I received an "Honorable Mention" under the "Aspiring Women Leader" category from Bangladesh Brand Forum.
In my company I am currently working as a Cyber Security Chartered Engineer, where my role is to lead cybersecurity operations in my organization along with implementing the latest defense technologies like Security Information and Event Management (SIEM), Privileged Access Management (PAM), Data Leakage Prevention (DLP), Intrusion Prevention System (IPS), etc. I am responsible for cybersecurity awareness, incident management, and conducting vulnerability assessment and penetration testing to protect our company from external cyber-attacks. I do blue teaming, which includes performing an analysis of information systems to ensure security, identify security flaws, verify the effectiveness of each security measure, and make certain all security measures will continue to be effective after implementation.
First of all, what is a cyber-attack?
A cyber-attack is an incident or an attempt where a group of people tries to compromise any target entity in order to expose, alter, destroy, steal or gain information through unauthorized access using sophisticated online tools, where it is nearly impossible to trace back the source. The danger of cyber-attacks is that they are not visible all the time, and it sometimes takes years for a target to know that they got compromised. There might be multiple reasons behind generating a cyber-attack, for example: pleasure, revenge, money, politics, etc. These days cyber-attacks mostly occur due to money.
What is the key to good cybersecurity?
I believe the key to good cybersecurity is having defense in depth, a zero-trust model and proper awareness in place. This multilayer approach is crucial to implement because if one layer is compromised, the controls in other layers will come into play. These days, to run a business we rely on third parties too much with our information, so it is paramount to follow the concept of the zero-trust model. According to a survey, 70% of cyber-attacks take place due to insider threat, and to combat that there is no alternative to building a cybersecurity culture within an organization; for that, an effective cybersecurity awareness program for employees is an absolute necessity.
What are best practices for today and how can businesses avoid cyber threats such as ransomware, phishing attacks, etc.?
Cybersecurity is a continuous process and a journey, a one-time exercise. The best practices associated with cybersecurity are sort of easy to follow, and include having the latest patches, hardening, updated OS versions, updated software and apps, updated anti-virus, proper access control, proper monitoring, an incident handling team, etc. In order to avoid threats like ransomware and phishing attacks, the best remedy is an effective awareness program for employees. Because in the case of technology, process and people, we need people to play their roles.
What should be the minimum level of security?
In the cybersecurity industry, the number of controls implemented does not ensure the complete immunity of any organization from external threats. Any entity can get compromised even with the maximum level of security. In this case, the important point is to have proper monitoring in place so that any incident can be detected and mitigated on time. However, the level of security depends on the risk tolerance level and risk appetite of any organization.
How do you foresee future cybersecurity?
It has already been predicted that in the coming years the number of cyberattacks will overpower the number of analysts, and we are heading there already. That is a reason the cybersecurity industry will only flourish and provide enough opportunities for newcomers. This indeed is an interesting area to work in, where every day is a challenge.