>

Making an Impact: How a Cybersecurity Engineer Protects the Online Community

5 MIN READ

10/22/2020 | |
Making an Impact: How a Cybersecurity Engineer Protects the Online Community

MetroStar is exploring the positive impact our people are having on the world around them. In this series, you will learn about the different roles, projects, and positive changes MetroStar’s team is helping to create.

For Gen Z and Millennials, TikTok and other social media channels may be the first thing that pops into their head when they hear someone discussing cybersecurity, hackers, and keeping your personal data safe.

In reality, cybersecurity (and everything it encompasses) is a 24x7x365 day battle between users, organizations, and malicious hackers. As the world continues to become more cyber-friendly, the thought of cybersecurity should be on everyone's mind.

Farhan, a Principal Cybersecurity Engineer with MetroStar advocates for strong organizational security practices and security in a person's everyday life. Farhan works in the Client Solutions Group providing cybersecurity solutions both internally for MetroStar and externally for our public-sector customers.

The Path of Cybersecurity

Farhan started on the general information technology (IT) side of things but found himself moving towards the Information Assurance (IA) space. It was there that he began to better understand compliance and security frameworks.

"In my field, you have to not only understand the business side of things but also how systems work and are implemented. I was able to build my career on the engineering side of the industry because I had exposure to those aspects," Farhan said.

Everyone needs cybersecurity, whether it's a government agency, commercial enterprise, or at home on personal devices. If you are not careful, then your information will become compromised. As we currently live in a technology-driven world, security needs are constantly changing and best practices must be identified.

"Applying best practices is critical, as it could mean identifying cyber threats at home or the ability to protect an organization from a ransomware attack from hackers," Farhan said. "When an organization is hacked, it creates a trust barrier between the user and the responsible party."

Broken trust between an organization and a consumer can take a toll on everyone involved, so having current cybersecurity measures is essential.

Making sure he is always up-to-date,  Farhan takes continuous education courses to maintain his current skills and learn new things. One of the concepts taught frequently is the transition to Cloud computing. Farhan has seen firsthand how the Cloud became an important aspect of the cybersecurity industry.

"Cybersecurity is becoming a hybrid role for so many people. You must understand Cloud computing now. As an engineer, you have all these tools to understand, but you have to get them to work together and understand their impact," Farhan said.

To help others in the field understand these connections and changes, he has helped developed training programs. These programs are meant to close the skill gaps now found in the cybersecurity workforce. This shift in skills is due to the change in culture towards Cloud computing and hybrid roles.

"Training programs are now showcasing more than just the compliance aspect of cybersecurity but also the Cloud, architecture, and the tech side," Farhan said.

Cybersecurity and the Federal Government

"Government agencies are pushing for Cloud capabilities and DevSecOps more than they did in the past. If you do not understand those things, then you will quickly be behind in the Federal space," Farhan said.

DevSecOps allows for a faster streamline of cybersecurity implementation and management in the Federal sector.

"To build a system, it can take a few hours or up to a few days, which is quicker than before," Farhan said. "These new systems are all available in the Cloud, and DevSecOps allows us to establish security at the beginning of the process in the Cloud and be able to adjust easily when needed."

Farhan provides security to Federal agencies by implementing authorization measures for those who need secure and rapid access to their agency's information.

"MetroStar had an opportunity to develop a secure web application for a large federal agency. We ensured proper security requirements were included as a part of our design and implementation process," Farhan said. "Some of these items consisted of encrypting the data in transit, two-factor authentication for login help, and storing information in a way that meets FIPS 140-2 compliance."

Farhan and the MetroStar team implemented strong coding practices to protect the customer's application from malicious attacks. Continuous monitoring and scanning of the application are also being used to address vulnerabilities and patches required to maintain ATO compliance.

Everyday Impact of Smart Cybersecurity Measures

Federal agencies spend money, time, and resources on ensuring they have the best cybersecurity practices in place. Although, many major threats target the everyday citizen. Education on these threats and what to look for is a component of Farhan's internal job at MetoStar.

"Social media platforms are the biggest issue for privacy. Users must understand there is a level of encryption and know where their data is stored," Farhan said. "Attacks are going to happen every day, and hackers are always looking for a vulnerability to exploit."

Personal security, and understanding of cyber threats, is a vital skill set taught at MetroStar. Farhan's primary tips for any employee, customer, or member of the general public is to create strong passwords (especially on social media), use a password management tool, and when in doubt, look for a "locked" lock at the top of your web browser.

Essentially, cybersecurity is a necessary part of our everyday lives. MetroStar continues to enhance cybersecurity solutions, even as software becomes more intricate. MetroStar is not only a champion of providing security to customers, but it advocates for safe cybersecurity in the homes of all Americans.