Cyber Security Specialists: the weak link is people, not technology


If we had to pick out the most mythical IT specialty, security specialists would undoubtedly rise to the top of the list. Not only because cybersecurity theme is often used in popular culture - from films to novels - but also because when the virtual space is increasingly starting to permeate all parts of our lives, practically all of us start to face non-security. "No one is safe," Centric IT Solutions Lithuania Security team's Engineers Aurimas Černiakovas, Lukas Antanaitis and Aivaras Klišauskas smile in unison, right away adding that in most cases, it is the inadvertent and reckless people who become the security's weak link and not the crooked technology. "Our main goal is to minimize the risk as much as possible and, in the event of something, detect it and respond promptly," cyber security experts say.

Security: what's it about?

"Imagine, each device we use - from a computer to phone or remote control - has its own system, so each one can be hacked, broken into and used for dishonest purposes. For example, you must have definitely heard stories about how people had their video cameras hacked, how through video game consoles their houses are being secretly watched, how bank card details are stolen, and so on. Therefore, it is natural that security issues are important not only to IT System Design and Maintenance Specialists but also to each and every one of us. And for companies, the key to security is writing down the company's policies and adhering to them consistently. An integral part of this process is to train your employees because it is people who make the most mistakes," Aurimas Černiakovas the IT Centric Security Engineer says.

"Security professionals must ensure that three basic requirements are always maintained: confidentiality - that only the people to whom the information is intended have access to it; integrity - to prevent information from being uncontrollably changed, deleted/supplemented; accessibility - so that information is always available to those who have access to it," Aivaras Klišaukas an IT Security Engineer says.

One specialty - many paths

Interest in cyber security is increasing due to the growing demand for these professionals: at the moment, there is a lack of security specialists not only in Lithuania but also worldwide.

By the way, the paths to cyber security were different for all three guys - Aurimas, Lukas and Aivaras. For example, Aurimas, who graduated with a degree in thermal energy retrained and moved to IT much later, when he was around 30.

"My example can serve as proof that it is never too late to move to IT. I have always been interested in it, learned and deepened my knowledge independently but of course, the beginning was not easy: I had to absorb huge flows of information in a short period of time, study for the certification exams and then take them. The mighty internet was a big help since you can discover all the trends, find out which certificates are appropriate to which career:" Aurimas recalls the beginning.

Meanwhile, Lukas Antanaitis, a Junior IT Security Engineer, who, since childhood has been curiously disassembling all home appliances and learning to disassemble and reassemble computers with his eyes closed, after graduating from Kaunas College with a degree in Computer Network Administration, began his career in managing and maintaining IT equipment.

"A few years later, I got an offer to come and try my luck in a Cybersecurity position at the foreign-owned IT company that was starting up in Kaunas. I confessed immediately that I am quite inexperienced in this field and have very little knowledge. The first half-year was all about dry theory learning, reading, attending various seminars; at the end of the workday, my head was buzzing from the information load. Despite that, I got a fantastic opportunity to gain in-depth knowledge: I came to work in a huge and ready-made infrastructure full of tools. All I had to do was take them, learn and grow," Lukas remembers his first steps into the world of security specialist.

Aivaras, who graduated from computer science studies at Kaunas University of Technology, also says that while studying, he not only acquired academic education but also independently accumulated a wealth of knowledge, hungrily gathering information from all around him. Starting with IT network maintenance in schools, he took a Cybersecurity Researcher's position after getting his master's degree.

"I, like Lukas, did not have that particular job experience, but before going to the job interview, I spent a few weeks researching the topics they might ask me about and what might be relevant to a specialist engaged in such work. So even though I did not have the practical knowledge, I tried to at least theoretically understand this topic. And that's how my career in IT security began, (and it still continues)," tells the IT Security Engineer.

A many-sided activity requires diverse experience

"This job is quite colorful and eventful. Those who want to program can go into security areas that require more programming, those who wish to interact with people or, for example, work with systems, will opt for other cybersecurity teams. Or maybe you would like to be a penetration tester - better known as a hacker, but one hired by companies themselves to test the resilience of their system. Your job would be to pinpoint the vulnerabilities you have discovered and to recommend the ways to fix them. By the way, with regard to the latter: only in the movies, such tester takes a minute to break into extremely secure systems. In truth, upon receiving the tasks, professionals can work from one hour to a year, depending on the complexity of the project, scope, and experience," Lukas explains.

An important mission in bringing new people to the ranks of security professionals goes to IT companies that accept the young people, who are studying or have just graduated, to practice, learn and integrate and get ready for this type of work.

"Of course, where there's security, there's the sensitive and confidential information, therefore, a special learning environment has to be set up for a person, who will be staying for a few months of internship, where he can improve, learn to use tools and understand the specifics of the job. We hope that in the near future we will be able to share our knowledge and experience in the field of security with students who have chosen Centric for their internship," Aurimas says.

All three Security Engineers agree that their field is not homogenous, so there may be many branches and specializations of security. And this is one of the reasons why it is worthwhile for young professionals to gain experience in other areas of IT before choosing a security path. "Being a security specialist for a particular product, you must first understand the product itself. Only knowing how an item or system works, you can protect it," Security Specialists claim.