Computers, networks and internet technologies have transformed businesses, government and our daily lives. We have come to depend on them - if they fail, we risk losing assets, money and privacy. It is not surprising that organizations are investing in professionals with expertise in computer security and resilience.
Computer security is about building systems that remain dependable even in the presence of accidental failures or malicious attacks. Together, security and resilience (the capacity to bounce back from a failure) form an exciting and growing area of computing, and they are rarely out of the news. In spite of this, there are not enough trained professionals to fill the thousands of vacancies requiring security expertise. So what do computer security professionals do, and what training is available to become one?
What does a computer security practitioner do?
What is your image of a computer security expert? A brilliant scientist, working alone, hunched over the computer late at night, cracking codes, tracking down a hacker? There are a few people like that, but computer security is not just about hackers and cryptography (the study of secrets). Let’s think about an example. Imagine we are developing web-based information services for a bank. We need to ensure that privacy is respected, but the information must be available when clients need it. To build such a system, we must understand:
• How faults arise. For example, programming errors coupled with a malicious attack could make it easy to access private data. Unreliable hardware might close the system down, costing money every second! Perhaps the design of an interface could confuse users, contributing to mistakes.
• How faults can be avoided: what tools can help us verify that the software we are developing is safe? Can we design “foolproof” interfaces?
• How to keep the service going when faults occur: should we use backup servers? Are they cost-effective? What if the network goes down?
Even this simple example shows the variety of skills involved in building a dependable system. In addition, security practitioners rarely work alone, but in teams with other programming, design, human factors and management specialists.
A security professional thinks analytically and systematically, identifying potential faults and their consequences. Construction skills are important: using the right design and implementation patterns to preserve the integrity of a system. Business and enterprise skills are also essential for understanding the wider system of which the computer is just a part, mastering and evaluating information about threats and new technology.
Choosing the right graduate programme to develop these skills depends on your background, interests and the extent to which you want to combine practice with theory. A degree in computing, or a science or engineering subject with a strong computing component, is normally required. Many programmes will also admit computer professionals with industry experience. Different programmes will emphasise different aspects: some will concentrate on information security, others on system safety, for example. If you have a special interest in, say, human factors, make sure that the course gives you an opportunity to explore this in depth. Finally, if you want to develop team working and practical skills, check that the programme gives you an opportunity for extended project work. Examples of project areas include:
• Implementing and analysing an electronic voting mechanism
• Building a demonstrator for dynamically reconfigurable web services
• Evaluating graphical passwords
• Computer-aided verification of an electronic purse
Graduates in computer security and resilience are in very high demand. The combination of technical and business-related skills equips them to play leading roles in enterprise, government, industry, research and elsewhere.
Computer security and resilience is an exciting topic because the challenges and the technology evolve on a daily basis. The skills needed to keep up with this rapidly expanding field are varied and provide a platform on which a graduate can build a career in any area of the computing industry. Above all, computer security and resilience are of real significance in people’s daily lives – studying them can make a real difference!