The "Art of War" an Interview with a former Cisco Academy Student working in the Banking Sector
Whilst I currently work at the Open University in the UK, in a previous incarnation I used to work at Barnfield College, in Luton, England. Barnfield is a further education college (comparable to a technical college / polytechnic). At Barnfield I managed the Cisco Regional Academy and had the privilege of teaching countless[i] students on the CCNA and CCNP amongst other courses.
Many of the students have benefited from the Cisco Academy experience, enjoying successful careers in the networking and systems support industry.
This blog is an informal Interview with Fred Mpala, one of the many former students who has in the seven years since leaving full time education has forged a successful career in the "security" side of networking and telecommunications (in spite of my efforts to the contrary he says).
Currently working in the City of London, Fred is a senior information security officer[ii] of an international bank, overseeing the management of their infrastructure security. This interview is taking place on a cold March evening, sitting in a restaurant in sight of the Tower of London[iii] and the Tower Bridge.
Q What attracted you to the Cisco Academy?
A At the time, it was the opportunity to get a higher education qualification as well as gain practical experience with a commercially recognized certification
Q How does the current financial climate impact on your work?
A Security is a discipline you cannot afford to reduce expenditure on, even when times are tough. Whilst my employer like many financial institutions is watching all outgoings, it is not at the cost of reducing the security of our systems.
Q Would you be where you are without the Cisco Academy
A No, the reason I gained my first position in systems support was as a result of my CCNA and technical knowledge gained.
Q Have you stopped at the CCNA?
A Once I gained the CCNP BSCI, I decided to specialize into systems security. Over a period of four years I have taken CISSP, CEH, CISM[iv], MCSA, Juniper, Bluecoat and checkpoint certifications. Whilst Cisco certification is an essential start, I found to be successful in my sector, one has to aquire a cross disciplinary portfolio.
Q Without giving any commercial confidences, can you describe your current role?
A Having too many roles to describe in this interview, I feel a good summary of my role is managing the strategic security policy for the bank, ensuring current threats awareness and managing information risk on a daily basis (controlling who has access to what within the organization as well as outside). My day is never the same with many issues to resolve, unfortunately I cannot share with you in any terms what these may be.
Q What other studies are you currently taking to advance your career?
A I am finishing my PHd Thesis on Information Warfare, time willing, this will be completed in May 2010.
Q For anyone looking to develop their career in Network Security, what do you feel would be a good starting point
A CCNA Routing and Switching then CCNA Security, you must have a strong knowledge of how networks work before you start on any systems security career.
Q What do you feel are other important subjects anyone studying network security should consider?
A There are many areas, personally I favour
· Digital forensics, for many organizations, there is a need to ensure that the 'scene' is preserved in the case of any disciplinary action, regarding a security breach, time and time again I have seen the case fall at the lack of 'evidence preservation' where people have foolhardily accessed the computer in question.
· Whilst I never condone any criminal activity, ethical hacking[v] is an area that must be considered. In the words of Sun Tzu, "know your enemy as you know yourself".
Because of the nature of Fred's role and the sensitive nature of the banking industry, we felt that it was not advisable to share who he works for in the sector. Irrespective of the view of many regarding bankers in general, there are many who work in the banking and financial services industry who owe a great deal to the Cisco Academy and are working quietly as you read this to ensure their systems are secure.
[i] Countless means that I have personally lost count, it went past 1000 at Barnfield so long ago.
[ii] Equates to vice president in most other organizations
[iii] The Tower of London is traditionally the prison used to keep the those accused of committing crimes against the state and the monarch
[iv] CISSP is Certified Information Systems Security Professional, CEH is Certified Ethical Hacker, CISM is Certified Information Security Manager, MCSA is Microsoft Certified Systems Administrator.
[v] The Cisco Academy as well as the author of this blog as well as Fred Mpala does not condone hacking of any system that you do not personally own and equally have full right of access