
Reflection on “Security Guards by Hendershot, September 2014”

The article “Security Guards” discusses one of the biggest challenges and risks that all IT projects face these days: cyberattacks.

Nowadays, many companies understand the severity of the cybersecurity threat, which makes planning for that risk a priority. In the past, IT teams would use firewalls and antivirus software as the main line of defense for their projects, but now their methods have had to be developed and improved to be as sophisticated as those of the hackers, especially since many firms have started to view hackers’ attacks as a fact, an event that will happen sooner or later.

One of the first questions that a project manager needs to ask before starting to plan for that threat/risk is “How can any user use the system in a bad/harmful way?” The answer to that question will demonstrate an understanding of the product/service that the team is trying to provide for the final customer; it means seeing the product from a new perspective. Project managers should also identify the most strategic information that can attract hackers and give it priority when it comes to risk management.

The article highlights the newest trend in the market for understanding security: there are two sides of the equation that programmers focus on, blocking and defending (the Army) and building reliable software that can’t be attacked (the Police).

IT programmers use many techniques in building their defenses, especially in financial services such as online banking sites. These teams developed behavioral analytics-based software that can separate normal activity from suspicious activity. What makes that technique very interesting is that it was developed after a long process that included learning from the hackers themselves.

Some of the lessons learned from this article are the importance of the role of culture in risk management; without the support of top management, it becomes really hard to plan for risk successfully. Another lesson I found is that risk assessment is a continuous process in order to improve response plans.

Personally, I found that article very eye-opening as to what is going on behind the scenes; I have always read about hackers’ attacks, but I didn’t know that it was that severe. This article also made me develop an appreciation for many of the financial institutions that I deal with when it comes to my online banking. My major is a bit far from IT programming; however, as a customer of financial services, I had my PayPal account hacked into once, and I had to call my bank, and I ended up opening a federal case; I never thought they would handle it this way. Anyway, my case was closed after I got back my money, which was found to have been moved to Paraguay by some hacker. I found out later that this attack was not random, and many PayPal users had their accounts hacked into; many news websites also wrote about it, October 2016. The internet made this world a small place; however, it brought a dark side with it, which back in the day we didn’t have to worry about that much.
