The "Art of War" an Interview with a former Cisco Academy Student working in the Banking Sector

Whilst I currently work at the Open University in the UK, in a previous incarnation I used to work at Barnfield College, in Luton, England. Barnfield is a further education college (comparable to a technical college / polytechnic). At Barnfield I managed the Cisco Regional Academy and had the privilege of teaching countless[i] students on the CCNA and CCNP amongst other courses.
Many of the students have benefited from the Cisco Academy experience, enjoying successful careers in the networking and systems support industry.
This blog is an informal Interview with Fred Mpala, one of the many former students who has in the seven years since leaving full time education has forged a successful career in the "security" side of networking and telecommunications (in spite of my efforts to the contrary he says).
Currently working in the City of London, Fred is a senior information security officer[ii] of an international bank, overseeing the management of their infrastructure security. This interview is taking place on a cold March evening, sitting in a restaurant in sight of the Tower of London[iii] and the Tower Bridge.
Q What attracted you to the Cisco Academy?
A At the time, it was the opportunity to get a higher education qualification as well as gain practical experience with a commercially recognized certification
Q How does the current financial climate impact on your work?
A Security is a discipline you cannot afford to reduce expenditure on, even when times are tough. Whilst my employer like many financial institutions is watching all outgoings, it is not at the cost of reducing the security of our systems.
Q Would you be where you are without the Cisco Academy
A No, the reason I gained my first position in systems support was as a result of my CCNA and technical knowledge gained.
Q Have you stopped at the CCNA?
A Once I gained the CCNP BSCI, I decided to specialize into systems security. Over a period of four years I have taken CISSP, CEH, CISM[iv], MCSA, Juniper, Bluecoat and checkpoint certifications. Whilst Cisco certification is an essential start, I found to be successful in my sector, one has to aquire a cross disciplinary portfolio.
Q Without giving any commercial confidences, can you describe your current role?
A Having too many roles to describe in this interview, I feel a good summary of my role is managing the strategic security policy for the bank, ensuring current threats awareness and managing information risk on a daily basis (controlling who has access to what within the organization as well as outside). My day is never the same with many issues to resolve, unfortunately I cannot share with you in any terms what these may be.
Q What other studies are you currently taking to advance your career?
A I am finishing my PHd Thesis on Information Warfare, time willing, this will be completed in May 2010.
Q For anyone looking to develop their career in Network Security, what do you feel would be a good starting point
A CCNA Routing and Switching then CCNA Security, you must have a strong knowledge of how networks work before you start on any systems security career.
Q What do you feel are other important subjects anyone studying network security should consider?
A There are many areas, personally I favour
·      Digital forensics, for many organizations, there is a need to ensure that the 'scene' is preserved in the case of any disciplinary action, regarding a security breach, time and time again I have seen the case fall at the lack of 'evidence preservation' where people have foolhardily accessed the computer in question.
·      Whilst I never condone any criminal activity, ethical hacking[v] is an area that must be considered. In the words of Sun Tzu, "know your enemy as you know yourself".
Because of the nature of Fred's role and the sensitive nature of the banking industry, we felt that it was not advisable to share who he works for in the sector. Irrespective of the view of many regarding bankers in general, there are many who work in the banking and financial services industry who owe a great deal to the Cisco Academy and are working quietly as you read this to ensure their systems are secure.



[i] Countless means that I have personally lost count, it went past 1000 at Barnfield so long ago.
[ii] Equates to vice president in most other organizations
[iii] The Tower of London is traditionally the prison used to keep the those accused of committing crimes against the state and the monarch
[iv] CISSP is Certified Information Systems Security Professional, CEH is Certified Ethical Hacker, CISM is Certified Information Security Manager, MCSA is Microsoft Certified Systems Administrator.
[v] The Cisco Academy as well as the author of this blog as well as Fred Mpala does not condone hacking of any system that you do not personally own and equally have full right of access

Comments

Post a Comment

Popular posts from this blog

Wikipedia editors never walk alone: Hillsborough changes can be traced ... from @ConversationUK

Image
By Andrew Smith , The Open University According to the Liverpool Echo , UK government computers have been used to make offensive comments on the Wikipedia page detailing the 1989 Hillsbourgh Disaster over a number of years. The newspaper reports that revisions to the page have been made from computers using the government’s secure intranet since 2009. They include insults to Liverpool fans and a comment suggesting that fans were responsible for the football ground disaster, in which 96 people died. This case highlights the continual issue of trolling and cybervandalism on Wikipedia. It also shows how journalism is using good, technical forensic tools at the disposal of every cybercitizen. Cybercitizens can be good or bad So many of us use Wikipedia on a daily basis that it is one of the most visited websites in the world. Yet not that many of us really understand how it works. Wikipedia is based on the principle that the community can create, edit and refine pages covering
Read more

If airlines offer in-flight Wi-Fi, they should invest in an extra black box for security ...

Image
Yijun Yu , The Open University and Andrew Smith , The Open University In-flight Wi-Fi is one of the most sought-after facilities for air travellers these days, now that laptops and smartphones are so common and so much of our working and personal life revolves around online services. But a US Government Accountability Office report has suggested that many in-flight wireless networks could expose the plane to being hacked or remotely controlled . In fact it’s of such a concern to US authorities that when a well-known computer security expert made an admittedly ill-thought-out joke about doing so on Twitter, he was promptly arrested, his computers confiscated, and subsequently banned from the airline . And all he was suggesting was to make the oxygen masks drop down. So it would appear that the stuff of Hollywood may jump from fiction to fact: Liam Neeson and Julianne Moore starred in the 2014 film Non-Stop , where a passenger hacking the aircraft’s internal wirel
Read more

Highlights and lowlights of 2014, a golden year for cybercrime from @ConversationUK

Image
Looking back, 2014 was not a good year for keeping things safe under digital lock and key. If a score was being kept, it might seem that the cybercriminals are in the lead, despite the valiant efforts – and own goals – from the cybersecurity profession worldwide. Cast your mind back to March , everyone was panicking about the HeartBleed bug. Based on an error in code upon which the majority of the world’s secure servers relied, experts had plenty of time to fix the issue. Sadly there was an array of conflicting information about changing passwords, leading to widespread confusion. While most IT administrators made sure this was managed in a professional manner, it created a stir that seemed to set the tone for the year. In May , online auction giant Ebay admitted to having been compromised. The site said its systems, with personal details of tens of millions of users, may have had been vulnerable for months. Everyone was advised, indeed forced, to change their password. In the
Read more