About Keith Pradeep Fernandez
Keith, CIPP/IT, CISSP, CISA, CISP, is a seasoned Security and Privacy Professional with a rich experience of over 15+ years in various geographies (US, Australia, Middle East, India) and industries like IT Consulting, Internet and telecom Service Providers and software development firms including a fortune 500 client. He is currently working as the Vertical Head, Information Security Transformation and Engineering, for one of India’s leading telecommunications service provider. He has won the Aditya Birla Group Chairman’s Award for outstanding excellence and Excellence Award for transforming Information Security in his present organization.
1. What attracted you toward this field? Did you always aspire to be a Cyber Security Professional?
Keith: I was always interested in IT and loved building stuff but security wasn’t that prominent when I started my career. However, in one of the earlier jobs, around 13 years back, I was a system administrator and we used to have a few servers hosted online. We got hacked a few times and it was interesting to understand how we got hacked and what was happening post the attack. That was my first brush with security, since we were a pretty small company we had to ensure that our systems were adequately patched and hardened.
2. In your opinion, what is the single most important component in cyber security success?
Keith: People are the most important components in success of a cyber-security program. Be it management’s commitment, end users understanding of security or the cyber security folk’s ability to adequately judge risks. People are the weakest link when it comes to protecting information assets. Therefore, it is necessary to ensure that organization as a whole is onboard when a cyber-security program is being implemented. A lack in motivation among any of the three groups would be a recipe for disaster.
3. What levels of sophistication are you seeing with recent attempts to breach organizations?
Keith: The recent hacks in the news, in the last couple of years or so, show that most cyber criminals focus on stealth by using sophisticated attack vectors like Advanced Persistent Threats (APTs). Like security researchers there are exploit researchers who look for currently unidentified vulnerabilities, or zero-day vulnerabilities, in the most commonly used systems. Instead of reporting these exploits to the vendor, they are sold. The online underground market, or the dark net, is proliferated by sellers of such exploits. They also have the capability to package these exploits with a botnet. Today, anyone can rent a botnet for a certain price. According to betanews.com, this means individuals with minimal DDoS skills can execute attacks using standard scripts. The average fee to hire a botnet for one hour per month is $38 with some as low as $19.99.
4. How do you keep up to date with new cyber-attacks, breaches, tools and technology?
Keith: In this line it is very important to stay updated. I scan various security sites like DarkReading, Naked Security, etc. I also interact with a lot of security solution providers to understand latest trends and happenings in security. Regular security conferences are also a good way to network with peers in the industry to understand how they are handling various security issues and what new tools and technologies are being implemented.
5. What would be your advice to people who want to pursue a career in this field?
Keith: Lots of people directly start as a cyber-security professional. The most important thing is you have to have your fundamentals clear. It is very important to have a base on either systems or networks and IT in general before opting as a cyber-security professional. Also, the Certified Information Systems Security Professional (CISSP) certification from (ISC)2 is a good starting point for someone who wants to move in from another domain in IT to Information Security.
6. Would you like to recommend a book, a TV Show or a movie related to Cyber Security for our readers?
Keith: I liked the movie The Net and an old movie called The Hackers [it has completed 20 years recently]. I haven’t seen Blackhat that released this year but it appears to be good. There are a lot of books on Information Security depending on where your interest is. Some good books are The Art of Intrusion, The Art of Intrusion and Ghost in the Wires by Kevin Mitnick and Security Engineering: A Guide to Building Dependable Distributed Systems by Ross Anderson.