Question: "I am a third year IT Security student thinking of a security test tool. On what aspect of security should I think about in order to avoid recreating the wheel?"
My Response:When I was in graduate school (2015-2017), I always pursued research opportunities that would increase my knowledge about the sector that I’m most passionate about: critical infrastructure. To prepare for future projects, I was trying to educate myself on secure architecture and engineering strategies for advanced metering infrastructure (AMI). To my surprise, available research on securing AMI was very limited. At the time of this writing, this is still an emerging challenge that could benefit from new creative solutions. Speaking of advances in tech, companies like Georgia Power are building the future of energy with innovative Smart Neighborhood Projects. They are building entire neighborhoods while integrating future functionalities into the design. According to Southern Company COO Kimberly Greene, these research projects will allow them to understand “how distributed energy resources interact with the electric grid and how emerging technologies will improve customers' lives.” I am willing to bet a certification voucher that security is not in the architecture process. I’d love to be proven wrong. The key here is to view emerging technology as opportunities for security research. There are other areas that will continue fueling the need for skilled security talent well into the future, including:
- Industrial protocols
- Cryptocurrency mining
- Internet of things (IoT) security
- Autonomous vehicle security systems
- Rapid quarantine of polymorphic malware
- When you develop a tool to solve any of these problems, do not keep it behind the walls of academia. In fact, I encourage you to engage with people in your local security community to get constructive feedback, mentoring, and build mutually beneficial relationships along the way.
- When you’re able, share your work with the community in person and on social media. If you don’t have a blog, LinkedIn is a great place to share progress and lessons learned.
- Submit to calls for papers at security meetups & conferences near you. If you’re not comfortable with public speaking yet, go sign up to be a volunteer.
- People hire and refer opportunities to people who they know and trust. Therefore, building your network is just as important (if not more) as finishing your education and building that tool.
- Being an active contributor will also make you stand out as a results-oriented problem solver and position you to write your own ticket prior to graduation.
- People earn degrees and certifications all the time. Very few take the initiative to build tools, produce content, volunteer, and share their passion for the discipline.
- Stand out from the crowd.
- Follow through.