In the second part of my cyber security series, I wanted to zero in on IT security and the challenges on the horizon for developers in staying ahead.
In the first part, which can be found here, we looked at the issue of Cyber Security in relation to developers, as well as the importance of design and – crucially – understanding how people ‘engage’ with technologies.
Now, I’m going to have a gander at the evolution of cyber education and explore secure system development.
Much like education in Traditional Engineering, cyber courses are becoming more prominent throughout Ireland. From IADT to NCI, you can tack on an MSc to your belt which will give you a sound basis in core cyber security principles and, where possible, current trends.
In Ireland, we also have a strong developer community of some 2000+ devs/analysts who are directly working or have worked in cyber security related roles.
The above gives a boost to having core education available, but the potential for peer-to-peer programming, bringing in real-world scenarios to bolster the industry, is one that can’t be missed. According to a Stack Overflow report earlier this year, there are 60k devs in Dublin alone, meaning only 3% of that pool is directly working on cyber security as its core.
With more and more security attacks happening, especially compromising data and the security of personal data within organisations, how can developers and IT security specialists keep up, especially when devising and developing user interfaces?
One of the crucial topics at SecDev centred on helping developers, particularly in relation to security. The more Devs I meet and interview, the more it’s becoming a topic on what their thoughts and/or experience are with cyber security.
Software architect and design consultant Charles Weir, who runs securedevelopment.org, was one of the speakers at SecDev. Now a researcher at Lancaster University, Charles was Symbian technical lead for the Ericsson R380 smartphone, released in 2000 and often described as the first-ever smartphone. He was also app security lead for the commercial Android payments app – EE Cash on Tap.
In relation to security and developers, Charles offers the following advice.
Looking to the most pressing areas for software security right now, Charles points to two “huge” industries. The first is the software criminal industry, which has now become “really big business”. The second is a similarly big and growing business: outfits selling solutions that are based on “additions to existing systems to defend them against attacks”.
Both industries, while they exist at opposite ends of the cyber spectrum, “rely on each other” to some extent, he says.
“The attackers would prefer if the defenders didn’t exist. The defenders rely on the attackers existing for their income, or profitability. It’s an odd sort of relationship.”
Personally, Charles sees the key requirement as something in the “middle”, which neither party is particularly interested in.
“That is people defending themselves in security,” he says.
“Because it has been found very difficult to teach end users effectively, a lot of that is around various aspects of how we design software and create software to be secure.”
Charles cites a scenario in which, in eight years’ time, someone comes up with a framework to use on whatever system they are programming – be that an IoT app or a huge supercomputer.
“That will be a framework that handles security and all you have to do is worry about programming.”
He says he is not “holding his breath” on the likelihood of this happening, however, for a variety of reasons.
“This is quite a complex problem, but until that [framework] exists, this is a pressing area of software – to make that type of self-help possible.”
This is where the need to educate people in general about security comes to the fore, but Charles says people are increasingly catching on.
“The new generation takes their software security much the same way they might take their personal security. That’s the attitude you want,” he says.
Turning to developers themselves, Charles reflects on the difficulty in keeping up with security at the minute, particularly with app development.
Software security is about more than just coding, he says; it is also about functionality.
In addition, developers have to think and anticipate how users will use the technology.
He says it is often the case that designers do not anticipate such user behaviour.
“Increasingly, users like to break, hack or modify systems or find alternative applications. Understanding this behaviour can lead to better customer solutions and new product ideas.”
And this is an area not just for developers to keep pace with – but also for researchers and educators.
According to Andrew, academics also need to stay on the cusp of secure system development, learning both from developers themselves and from an overall industry, to help shape how they teach the next generation of IT professionals.
“This is a rapidly changing environment and we are all learning to learn at an increasing speed,” he says.
For students who might be thinking of studying computer science or data engineering, Andrew says that university does not provide people with “answers”, however.
“If you are lucky, it teaches you how to ask the right questions and how to begin your journey of learning.”
And while the world is changing at a rapid pace in terms of digital advancements, Andrew says it is still important to take a step back from the screen every now and again.
“Stand in front of an original work of art in a gallery and take in not just the image but the sense of place, the smell, the texture of the surface, the sound of the space and our shared humanity.”
Coming back to solving a problem after taking a step away from it can be a huge boost to a fresh viewpoint. Unfortunately, developers still have to learn by doing when it comes to the most current of problems, but education, whether classical or through peers, will nearly always create a strong baseline for approaching and solving new problems.
Author: David Pepper
David is a recruitment professional who takes a consultative approach to finding and placing the best talent. He is an avid photographer and tech follower who loves to dabble in digital projects.