How to level up your cyber expertise with Deepayan Chanda MACS Snr CP (Cybersecurity)

17th August 2021

Highlights

1. Introduce yourself

I am an Enterprise Security Architect for Cyber Defense and work for one of the premier financial institutions of Australia. As a cybersecurity professional, I specialise in strategy, design and architecture of security platforms and security solutions in the areas of advanced security monitoring, threat intelligence and incident response.

2. What is Security testing and how can organisations incorporate this into their cyber security strategy?

Security testing is a crucial part of what we do in cybersecurity. It can range across various activities, like testing the code that is written to build products for any existing vulnerabilities or security flaws, or testing the security controls and configurations of our devices and infrastructure. One other aspect that security researchers can try is fuzz testing; this is an area where testing of software is performed to find unknown vulnerabilities by creating specially crafted test cases and using them to find software vulnerabilities. One of the critical areas is to perform penetration testing of our applications, network and other IT assets to find our security vulnerabilities and risks and at the same time try to exploit those vulnerabilities to simulate an attacker scenario by gaining access to those assets. Penetration testing should be performed at two different levels to ensure effectiveness: once during UAT of the software and once again when it’s in production (this is to account for any unforeseen changes that might have occurred during migration to production). Also, this reminds me to call out the recent book on penetration testing, which explains some key factors about a proposed penetration testing framework that can be followed in an enterprise scenario.

3. How has an ACS Certification helped you in your career?

I am always keen to be associated with global cybersecurity forums and public organisations, as this helps me connect with the latest technological advancements in the industry, increasing my knowledge and the ability to connect with other fellow professionals. It's very important for advancements in my career and ACS Certification has provided me just that.

4. Describe why Certified Professionals are important to the ICT industry?

To help build and maintain the security of an organisation is a tedious job, and it requires us as cybersecurity professionals to stay updated with the latest skills, tools and techniques. We can all do that in various ways; however, technical or professional certification always provides us that opportunity to add the latest skills, and this makes you valuable when combined with your own existing skills and past experiences.

5. How did you find the ACS Certification process?

When I was planning to move to Australia and look for new opportunities to start with, I was certainly keen to be part of the local network in Australia to enhance my search. While doing so, ACS Certification was certainly a priority one choice, and my personal experience of getting certified as Senior Certified Professional in Cyber Security was really smooth and seamless. The ACS team was really helpful and considerate.

6. Do you have any tips to give to members interested in applying for ACS Certification?

The only tip that I would provide is that when you plan to apply for the ACS certification, choose the right certification first that aligns with your skills and experience, and create the CV in extreme detail; don't leave out anything. Remember, it’s not a CV for a job interview; it’s to tell someone about your whole career, so bring out all the good things about your profile and the projects you did. And finally, you must have two references who know you very well, personally and professionally.

7. What advice would you give to someone interested in kickstarting or progressing their career in cybersecurity?

Whether you are kickstarting your career in cybersecurity or already progressing your career in cybersecurity, you must keep pace with the past and latest attack and defense techniques. Never stop reading as much as you can about cybersecurity (there is a gold mine of great books out there to start with), ranging from tactical approaches to design and architecture to process and governance. Also, increase your professional network in cybersecurity to learn from others and their experiences; each one of them has something to teach for sure, as everyone's experience is unique. Become part of industry forums to stay updated on technology trends and various events related to cybersecurity. You can also enrol yourself into university courses focused on cybersecurity; these days there are many short to medium term university courses, and I have observed plenty of such courses from Australian universities. One can even go for professional certification courses in security. These certifications range from application security, network and infrastructure, to security architecture certification; there are plenty of cloud security certifications if that is one of the choices, and there are certifications related to security assessments and testing too. And last but most importantly, enrol yourself into various trainings and webinars that ACS conducts about cybersecurity, as there is a lot to learn from that too.