In our latest blog, Jordan Wray describes his journey into cyber security and dispels some of the misconceptions he discovered along the way. Do you have an interesting role in service management? Was it all you expected it to be? Why not tell us more in a blog?
Sitting in a dark room with the only light coming from the laptop screen, it’s extremely quiet but what would you expect at 2am? I’m wearing my black hoodie and of course have my hood up and glasses on. Having just identified the next target to hack, my fingers are now typing 50 lines of code every minute. The black background and coloured lines of code grow longer and longer on the screen…
Now for the big moment, 3…2…1 execute! Hack complete.
Reality check: this is not cyber security. This is what I thought cyber security was before I set foot in the cyber world. That said, the stereotype which the movies portray doesn’t exactly help as the typical ‘hacker’ is always sitting in a darkened room, wearing a hoodie and with tons of code flashing on the screen. They make it look so easy; the deed is done within minutes and that’s all there is to it. Another stereotype of cyber security is that all hackers are unattractive geeky men, so called ‘loners’ who have allowed high-tech equipment to replace friends and family.
Let’s try to put those stereotypes to one side for a minute and ask ourselves what is cyber security? As soon as people hear those words they automatically think of bad guys doing stuff they shouldn’t be doing. In actual fact there are many different kinds of cyber security – too many for me to cover right now, unfortunately, but I will try to give you some insight into the main types.
First of all, what is a hacker? According to the Oxford Dictionary a hacker is “a person who uses a computer to gain unauthorised access to data”. Whilst this is true it isn’t as black and white as that (enjoy the pun!). There are three types of hackers: black hat, grey hat and white hat. A black hat hacker is someone who searches for vulnerabilities to exploit for malicious reasons. This could be to steal data, cause disruption to systems or blackmail their target. A white hat hacker, also known as an ethical hacker, is someone who is hired to find vulnerabilities within a company’s network or systems. Then they disclose their findings to the organisation, so that a patch can be applied and the exposure removed. Finally, a grey hat hacker is a mix of both black and white. Their intent is to find vulnerabilities which can be exploited but without malicious intent. They’re ‘grey’ because the methods they use to find the vulnerabilities are often illegal or done without the knowledge or permission of the target.
From a high level the two main elements of cyber security are offensive (commonly known as ‘red team’) and defensive (‘blue team’). As you can guess the red team are responsible for attacking systems and breaking the defences which have been set up by the target or company. The blue team are responsible for maintaining the internal network and defending against those attacks and potential threats. Obviously there is a lot more to it than just being offensive or defensive, but the majority of security professionals will fall under one of those categories.
My career started with a Higher-Level Apprenticeship in Computing Infrastructures, supported by BT, which really laid the foundations for my later roles. I have always had an interest in cyber security (of course back then I still thought it was about hooded hackers) but I was curious to know how it all worked. After completing my apprenticeship, I was very grateful to get an opportunity to work on the defensive side in a team known as ‘Protective Monitoring’.
Employed as a Cyber Security Analyst, I was responsible for identifying any malicious activity across our customer networks, raising the alarm, and then investigating the extent of the problem. In short, I loved it! I was looking at alerts and reports, deciding whether anyone was trying to ‘hack’ into our systems externally, but also checking that nobody inside our company was doing anything they shouldn’t have been doing.
As I mentioned I am a very curious person so was always asking why. Why is this person doing this? Why is someone trying to access this device? Why are they running those commands?
To squash the second stereotype that only unattractive ‘geeky men’ work in cyber security, my team consists of eighteen people, both male and female. We all live normal lives and have normal hobbies, and we definitely don’t sit up until 2am in our hoodies on the laptop hacking each other. Oh, and we are all VERY attractive. But all jokes aside, it takes a diverse group of people with different skillsets to make up a great cyber security team as we all work off each other’s strengths to benefit the team.
I am in a very privileged position to have gained the experience and knowledge to work in this industry and will hopefully be working in it for many years to come, exploring the many aspects of the fast-moving world of cyber security. The movie image of the hacker is a very small part of the story. Real hackers play the long game, with a lot of reconnaissance of your network and systems to see what is vulnerable and how it can be exploited.
Jordan Wray
Jordan Wray is a cyber security specialist at BT.
