Internship as a Cybersecurity Specialist

post by Neeshé Khan (2018 cohort)

I carried out my internship with Connected Places Catapult (CPC) between February to April 2021 on a full-time basis. I worked as a Cybersecurity Specialist in the Cyber Security Team within the Applied Data and Technology Directorate. I did this during the third year of my PhD – thanks to the efforts of my (super) supervisor who aligned the stars for me after my industry partnership lapsed.

My overall set up:

CPC provided me with ideal conditions that allowed me to get comfortable and take things at my own pace. This meant that I was able to work autonomously, trusted to perform my job to the best of my abilities and proactively look for and choose to work on projects that interested me. To discover projects of interest, I started off by speaking to a lot of people about their work and their vision for the projects to understand if there would be added value by adding in a cybersecurity element. This discovery effort was helped tremendously by my line manager (and some Urban Technology team members) who directed projects my way which made for good introductions and built my confidence.

I had regular catch-ups with the Director and weekly check-ins with my line manager to discuss how I was doing, projects that I found stimulating and my overall progress. Although my line manager worked at CPC three days a week, we quickly built a strong rapport with each other where we could just talk about things on my mind, seek her guidance on various aspects and have a relaxing conversation. She was also very responsive on messaging platforms and emotionally intelligent which meant that I knew she’d be there if I needed her, providing me with a lot of reassurance and making me feel safe in a new, remote environment.

As I was the only member in the Cyber Security team, I collaborated with the Software Engineering team but was primarily hosted by the Urban Technology team during my placement. There were the expected 9.30am morning catch-ups on alternating days that provided me with a valuable opportunity to learn about some of the other projects the team were working on. Team meetings on Mondays were one of my favourite things as it incorporated brainstorming using an online collaborative board and was one of the best applications of Action Research Methodology in a real-world setting that I’ve seen. Being a part of this team and the wider Directorate was really enjoyable and I’m hoping to see everyone in real life once offices re-open and maybe we can find ways to continue this collaboration.

My projects:

I worked on a range of projects with various teams. I mapped cybersecurity stakeholders which was a landscape scanning exercise to record entities within cybersecurity and the various resources they provide to the wider public. I also reviewed existing and potential projects pertaining to Critical National Infrastructure to identify aspects linked to cybersecurity that would be potential sources of collaboration. I fed in to CPC’s response to the governmental consultation on the cybersecurity of 5G Private Networks.

CPC was also engaged with ‘Homes for Healthy Aging’ that involves assistive technologies to help the aging population stay in their homes for longer. I advised on the cybersecurity elements of this project to help incorporate cybersecurity proactively in the early stages of their testbeds.

I produced a detailed report on Cybersecurity of Future Air Mobility and Digital Twins through a consultation with two leading SMEs in the digital twin space. This was a very exciting project with a 2 week turnaround (including the consultation with the SMEs). This report is due to be published on their website in the coming months.

And finally, my passion project which was suggested by the Urban Technology team was designing cybersecurity resources for local authorities and SMEs. This excited me as these segments are cybersecurity poor with limited resources and often struggle to get acquainted with the fundamentals of cybersecurity in a meaningful or practical way. I designed a game which explored privacy within data and two resources exploring the themes of Spear Phishing and Strong Passwords. The aim of this series is for the audiences to explore how cybersecurity is linked to the technologies they invent, implement and utilise for their clients. This would be a great resource page for start-ups and local authorities if it’s developed further.

Overall, I was surprised by how much of an impact remote working has if you’re starting a new position but I think I was very lucky to get an amazing line manager, a wonderful team (who made every effort to pronounce my name correctly and conquered it) and a really wonderful working environment that allowed me to feel connected despite never having visited their offices (which look really cool)!

Coronavirus, working from home and cybersecurity

Post by Neeshé Khan (2018 Cohort)

As coronavirus sweeps across the globe all sectors are looking towards governmental bodies to issue statements that outline the next steps to contain this pandemic. Even from its early days, coronavirus demonstrated its far reaching impact on economies through effecting major sectors such as hospitality, tourism, governmental operations, hospitals, exports, imports and education (to name a few).

Italy is on an incredible total lock-down that hasn’t been seen by any developed state in recent memory. Wuhan’s lock-down is an incredible feat albeit too late. The US takes a more relaxed stance but has seen a number of cases where businesses are encouraging or mandating employees to work from home (WFH). In the UK, the Chancellor has just announced a £50b emergency response budget to the national health services, companies with less than 250 staff will be refunded for sick pay (for a period of 2 weeks/employee) and Statutory sick pay will be paid to all those who choose to self-isolate, even if they don’t have symptoms. I have also had conversations with people in the health service who are taking an unpaid leave of up to a month during this time to safeguard themselves. So things are getting serious and business can allow employees to work remotely for at least without suffering financially.

The dilemma with many businesses is that they’re not setup correctly or securely enough to allow remote working. This is no surprise as it costs businesses a great deal of money to secure remote channels that can access their information systems and ties in closely with their existing software and hardware architecture. Plus, it’s a complex operation to roll out and debug.

If your cybersecurity is compromised whilst WFH, sure enough someone (most likely you) will be held accountable. So, what does it mean for you if you’re at small business/start-up/charity/governmental department that’s just implemented a WFH policy.

Before leaping for joy at how convenient this might be for you (cutting out commuting time, money and health risks from mouth breathers) take a beat and consider doing the following:

Safe working space at home

This is a big one. Homes have a lot of distractions so what would this mean for your productivity? Would you end up putting in more time to make up for it? Is there enough structure at your place to allow you to take timely breaks and balance out your professional and private life? Would you remember to lock your device every time you step away or risk your child hopping on and sending out an email you were drafting and cause a formal cyber incident? Would it just mean more work for you? A ‘safe’ space should be your first thought when considering WFH.

Insurance coverage

Check what your company’s insurance policy is. If you (or your cat) accidentally spills something on your company device, is it covered off office premises? You don’t want to be out of access and be out of pocket for a policy implementation that wasn’t well thought out and you didn’t know what the risks would be.

Cybersecurity when WFH

Both elements above involve cybersecurity. Insurance coverage also covers the Availability aspect of cybersecurity and working space at home covers cyber accidents and incidents. Not many people would even know what a VPN is and wouldn’t have this set up for their home broadband. And that’s OK for your personal use! But when working on your home Wi-Fi it could impact your cybersecurity levels when WFH. Before you begin, ask your employer if they have systems in place that ensure your cybersecurity levels while working remotely are equally secure as when you’re on the premises. This could entail things such as encryption that add an additional layer of security when working remotely.

Access

I found out through experience that while small companies offer a ‘basic version’ of working remotely it can come with a lot of lag (you have a portal you go through via a personal device to access your work computer’s desktop). If systems aren’t set up correctly (well configured) your access can hang or crash. This could mean you’ll end up doing the same task for the tenth time! If you’re using your personal device to remotely access your computer and are frustrated with the system not working, you might be tempted to move files to your personal devices (so it all ends before you enter your kill zone) – don’t! This becomes more hassle than it’s worth and it’s much easier to get in touch with your IT department to report the issue to fix before you can begin your work on that task again – so sip some tea in the meantime.

In some cases the drives can be separated so while it all appears normally on your work computer this might not be the case for when you’re working remotely. Check with your employer if there’s a specific drive you need to move your documents to (while on premises) to ensure you have access to them remotely.

If you have a company provided computer such as a laptop then you’re clear of most of the headaches that come with lag, crashing systems and availability of documents – hurrah!

Prefer conversations instead of emails or texts

Try to have as many skype/video/call conversations as possible. This ensures that you are actually speaking to the person who you think you’re speaking to so your communication has what is known as Integrity in cybersecurity. Access through an insecure connection (such as your home Wi-Fi even if it has a strong password) can mean your account gets compromised and you have a man-in-the-middle intercepting and responding to your confidential company communications.

These are just some of the things that came to my mind when thinking about WFH cybersecurity and I hope it helps! If you’re a team leader encourage your team to adopt these practices. If you’re an employer, certainly consider these aspects prior to enforcing remote working. It would be good for companies preparing to have their employees WFH, to have a session that outlines best practice scenarios, remits of liability and answer any concerns or queries while we wait for coronavirus to pass.

–originally posted on Neeshé’s blog