I have worked in the IT industry since the mid-80s as a software developer, Business Systems Analyst and Business Solutions Architect in technology departments across multiple industry sectors, and more recently in the financial services industry.
As part of my work as a Business Systems Analyst I always had to write non-functional requirements, one of which was always that the application we were developing had to be secure. This typically meant that:
- A user would be fully authenticated against current business policies
- A user would be able to reset and/or recover their password
- An administrator would be able to create, maintain and disable a user
- All actions of a user on the system should be logged against their user Id
Up until recently this was adequate since all applications were inward-facing and would not be exposed to external clients. However, today’s clients want to be able to see the real-time status of their instructions and often communicate directly via APIs and business websites with the operations teams and their back-end applications. This requires a degree of integration with the back-end applications and as a result this key non-functional requirement evolved.
I began to think about what this meant in this new environment, and hence my interest in Cyber Security was kicked off. Today client-facing websites and APIs that link to the back-end systems need to up their game regarding security and have to protect themselves from a whole host of threats.
My interest in Cyber Security extends over a wide cross section of user activity including:
- Ensuring the business process is secure and appropriate Cyber Security controls are in place
- Reviewing the IT security practices (e.g. management of user Ids and securing the systems people use with appropriate strong authentication)
- Aspects of Penetration Testing as it relates to the business controls and practices
- Ensuring the workplace is secure
I am also very interested in the wider impact of Cyber Security on consumers through use of public WiFi, authentication, use of mobile technology and IoT devices, and protecting against Cyber Criminals and the various attack methods they employ.