Security has many facets and is a mandatory field of study especially today that large corporate companies are suffering data breaches and credit card information theft. Malware got into their systems because of genetic weakness in the credit card encryption process, infected pdf attachments, poor security implementation, weak anti-spam tactics.
Computer security is a broad topic: it can go from cryptography, to designing secure software or to make systems invulnerable. In this context, an ideal computer security expert should perform the following:
1) STUDY THE SECURITY LANDSCAPE: study can be done watching professional videos, reading books and blogs that are written by security experts.
2) TAKE ACTION: security is not only taught and learned in manuals but it is always applied. It is a good practice to have a sort of lab where systems are tested for vulnerabilities and networks are tested for holes.
3) SHOW WHAT YOU HAVE LEARNED: Security is not an art that can be seen from a pulpit, but it requires an expertise that can be shown not only via blog posts but also through podcasts. If you act locally, you can organize seminars and write papers for conferences.
4) GET CERTIFIED: certification is recommended for sure, especially if you are looking for employment. If your resume contains security certifications such as CISSP or CCNA security from Cisco, employers will give you an advantage over other candidates during their decision-making process.
Anybody can design security systems, but the way you will be noticed and build trust, is when you will find security flaws in other systems.
In my recent post I have discussed that security is a matter of trust, but when we use websites or devices of large companies like Facebook, Google etc, what comes into place is a sort of feudalism that entails us giving up our awareness of being safe. What comes into place in this companies is an automatic embedded security that makes us all feel safe even if we do not know at all if it is true or not.
Large corporations will never disclose how they are going to protect us: what we only know, however, is when they give in to the pretenses of the government through the NSA or when they oppose spying technologies like recently Apple has done on its Iphone 6. It is hard to believe that a multi-million dollar company has to balance the interests of its users and the pressure coming from the government. Not an easy job at all.
On the other hand, the security implemented by these large Internet corporation is stronger than the security applied by the average user; the example of cloud services preserving data from crashing machines help understand how fast users’ data can be quickly downloaded and restored.
So, at the end, how we survive? We will survive if from this behavior typical of the Middle Ages we come out as new Renaissance men, that is, if we adopt the model we have studied and believed in.