The Modern Security Engineer’s Toolkit

Traditional security teams were once seen as roadblocks – the infamous “department of no.” Today, we embrace the “shift left” philosophy, embedding security early in the development process. This represents a fundamental mindset shift: security is not an afterthought, but an integral part of the entire development lifecycle. By shifting security upstream, we detect vulnerabilities earlier, reduce costs, and build more resilient systems from the ground up.

In my journey from conducting manual security reviews to orchestrating automated security pipelines, I have seen this evolution firsthand. The most effective security engineers today do not just identify vulnerabilities — they collaborate with development teams to integrate security into the foundation of every project, fostering a culture of continuous improvement.

The Modern Security Engineer’s Toolkit

Success in today’s security landscape requires a strategic blend of skills and tools:

  • Cloud & Infrastructure Security: A deep understanding of cloud security across major platforms (AWS, Azure, GCP) is essential, along with expertise in securing containerized environments (e.g., Kubernetes, Docker). This is more than just checking boxes; it is about architecting secure, scalable systems that can adapt to the dynamic nature of cloud-native environments. Infrastructure as Code (IaC) tools like Terraform have also become integral in automating cloud infrastructure deployment while ensuring consistency and security. By defining infrastructure using code, teams can apply security best practices directly in the deployment process and version control, reducing human error, and increasing the security of cloud environments.
  • Automation & Integration: Security must be seamlessly integrated into CI/CD pipelines. Manual processes are no longer scalable in rapid development cycles. Leveraging IaC tools to automate secure cloud infrastructure provisioning is a key part of this, ensuring consistency and security throughout the infrastructure lifecycle. Beyond infrastructure, automating tasks such as vulnerability scanning (e.g., using tools like Snyk), compliance checks, and threat intelligence feeds within the CI/CD pipeline vastly improves security posture. For example, automated container scanning can detect vulnerabilities early, reducing production risks. This comprehensive approach to automation, from infrastructure deployment to application release, strengthens security at every stage.
  • Incident Response: When incidents occur, calm precision is essential. Modern security engineers do not just react to threats; they build proactive, automated systems for swift detection, response, and recovery. Technologies like SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) platforms streamline incident response, enabling faster mitigation and reduced impact. Furthermore, AI-powered threat detection and machine learning are transforming how we identify and respond to attacks, helping to detect anomalies, predict potential threats, and automate responses at scale.
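
The IaC and CI/CD points above can be made concrete with a pipeline gate that inspects a Terraform plan before it is applied. The following is an added example, not code from the original post: it assumes the plan was exported with `terraform show -json`, the sample plan is constructed, and the function names and the policy (admin ports open to any source, public bucket ACLs) are illustrative choices.

```python
import json
import sys

ANY_SOURCE = {"0.0.0.0/0", "::/0"}
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}
PUBLIC_ACLS = {"public-read", "public-read-write"}

# Constructed sample plan, trimmed to the fields this check reads.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "aws_security_group.web", "type": "aws_security_group",
     "change": {"actions": ["create"], "after": {"ingress": [
       {"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
       {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}
     ]}}},
    {"address": "aws_security_group.db", "type": "aws_security_group",
     "change": {"actions": ["update"], "after": {"ingress": [
       {"from_port": 0, "to_port": 65535, "protocol": "tcp",
        "cidr_blocks": [], "ipv6_cidr_blocks": ["::/0"]}
     ]}}},
    {"address": "aws_security_group.old", "type": "aws_security_group",
     "change": {"actions": ["delete"], "after": null}},
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "change": {"actions": ["create"], "after": {"acl": "public-read"}}},
    {"address": "aws_s3_bucket.assets", "type": "aws_s3_bucket",
     "change": {"actions": ["no-op"], "after": {"acl": "private"}}}
  ]
}
""")


def exposed_admin_ports(rule):
    """Return the admin ports an ingress rule opens to any source address."""
    sources = set(rule.get("cidr_blocks") or []) | set(rule.get("ipv6_cidr_blocks") or [])
    if not sources & ANY_SOURCE:
        return []
    protocol = str(rule.get("protocol"))
    if protocol == "-1":  # all protocols, which covers every port
        return sorted(ADMIN_PORTS)
    if protocol != "tcp":  # simplification: only TCP exposure is flagged
        return []
    low, high = rule.get("from_port"), rule.get("to_port")
    if low is None or high is None:
        return []
    return [port for port in sorted(ADMIN_PORTS) if low <= port <= high]


def audit_plan(plan):
    """Return (resource address, finding) pairs for resources being created or updated."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        after = change.get("after")
        actions = set(change.get("actions", []))
        if after is None or not actions & {"create", "update"}:
            continue  # deletions and no-ops introduce no new exposure
        if rc["type"] == "aws_security_group":
            for rule in after.get("ingress") or []:
                for port in exposed_admin_ports(rule):
                    findings.append(
                        (rc["address"], f"{ADMIN_PORTS[port]} ({port}) open to any source"))
        elif rc["type"] == "aws_s3_bucket" and after.get("acl") in PUBLIC_ACLS:
            findings.append((rc["address"], f"bucket ACL is {after['acl']}"))
    return findings


if __name__ == "__main__":
    # Usage in CI: python check_plan.py plan.json (falls back to the sample plan).
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as handle:
            plan = json.load(handle)
    else:
        plan = SAMPLE_PLAN
    results = audit_plan(plan)
    for address, finding in results:
        print(f"FAIL {address}: {finding}")
    sys.exit(1 if results else 0)  # a non-zero exit fails the pipeline stage
```

Run against the sample, the gate reports the SSH rule on `aws_security_group.web`, the IPv6 wide-open range on `aws_security_group.db`, and the public-read bucket, while the deleted and unchanged resources are ignored.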

Beyond Technical Excellence

While technical skills are crucial, soft skills can make you stand out as an exceptional security engineer. I have observed brilliant engineers struggle to effectively communicate with stakeholders, which can hinder progress. The ability to translate complex technical security concepts into business value is invaluable — especially when working with non-technical teams or executives.

Charting Your Path

For those looking to thrive in security engineering:

  1. Master the fundamentals of cloud-native security, including securing microservices, containerized workloads, and multi-cloud environments.
  2. Develop a strong automation mindset, seeking ways to integrate security into every step of the development process.
  3. Cultivate strong communication skills to bridge the gap between technical and business teams.
  4. Engage with the security community to stay on top of the latest threats, tools, and best practices.
  5. Pursue hands-on projects to test and refine your skills, whether through internships, personal projects, or contributing to open-source security initiatives.

Looking Forward

The security landscape is continuously evolving, with concepts like zero-trust architectures, supply chain security, and AI-powered threat detection reshaping our approach. While the technologies will evolve, the core principle remains the same: security is a journey of continuous adaptation and learning.

Feel free to connect with me if you would like to share your experiences or insights. Our field thrives on collaboration and the exchange of knowledge.

Securing the University: My Information Security Awareness Session

As technology continues to advance, so do the risks and threats associated with it. To protect ourselves and our institutions, it is crucial to remain informed and updated with the latest security trends and best practices. This was the main focus of my recent 45-minute security awareness session with the university technical staff.

In addition to discussing fundamental security measures, I also covered the latest threat actors and threats in the cyber security landscape affecting universities and public institutions. This included state-sponsored actors, cybercriminals, hacker-for-hire groups, and hacktivists. I emphasized the potential consequences of a cyber attack, which can be severe and damaging, such as financial losses, reputational harm, and legal liability.

One alarming statistic I shared was that according to estimates from Statista’s Cybersecurity Outlook, the global cost of cybercrime is expected to surge in the next five years, rising from $8.44 trillion in 2022 to $23.84 trillion by 2027. This underscores the importance of taking proactive steps to mitigate potential risks.

While technical measures are essential, we also discussed the human element of security, including social engineering tactics like phishing emails or pretexting phone calls. Information security starts and ends with all of us, and it is crucial that everyone takes responsibility for protecting sensitive information and assets.

Here is a redacted version of the presentation. Additionally, I recently co-authored an article titled “Human Factors for Cybersecurity Awareness in a Remote Work Environment”, which delves into relevant and relatable cyber security aspects for remote employees.

Exploring Some Misconceptions and Complexities of Artificial Intelligence

Artificial intelligence (AI) is a rapidly advancing field that has the potential to revolutionize many aspects of our daily lives. However, as with any complex subject, there are often misunderstandings and misconceptions about what AI is and what it can do. In this article, we will explore some of these misconceptions.

The intersection of reasoning and learning in AI techniques. AI techniques can be broadly grouped into two categories based on their ability to reason and learn. However, these techniques are not mutually exclusive. For example, expert systems, which involve reasoning, may also incorporate elements of learning, such as the ability to adjust the rules or weightings based on past performance or feedback.

The versatility of machine learning. Machine learning is a technique that enables AI systems to learn how to solve problems that cannot be precisely specified or whose solution method cannot be described by symbolic reasoning rules. However, machine learning is not limited to solving these types of problems. It can also be used to learn from structured data and can be combined with symbolic reasoning techniques to achieve a wider range of capabilities. 

The diversity of machine learning techniques. Definitions of machine learning, and sometimes taxonomies, mention only supervised, unsupervised, and reinforcement learning. However, there are other types of machine learning, such as semi-supervised learning and active learning. These different types of machine learning each have their own unique characteristics and are suited to different types of problems and data.

The relationship between AI and robotics. AI and robotics are closely related fields that often overlap, but they are distinct areas of study. While robotics can be considered a subfield of AI, it is possible to study robotics independently of AI. Similarly, AI can be studied without necessarily delving into the field of robotics. 

In conclusion, the field of AI is vast and complex, with many nuances and misconceptions that are important to understand. Despite these complexities, the potential for AI to revolutionize many aspects of our lives makes it a field worth exploring and understanding.

Understanding the Benefits of Academic Freedom

Academic freedom is a fundamental right that ensures professors and students can conduct research, teach, and discuss ideas without fear of institutional censorship. This right is enshrined in many of the founding documents of higher education, including the American Association of University Professors’ 1940 Statement of Principles on Academic Freedom and Tenure, which affirms that “Academic freedom is essential to these purposes and applies to both teaching and research. Freedom in research is fundamental to the advancement of truth.”

Academic freedom is essential for the advancement of knowledge and the protection of academic integrity. It is also beneficial for universities and colleges, providing them with the ability to recruit the best faculty and students and attract high-level research funding. Additionally, it provides an environment in which creativity and innovation can thrive. In practice, academic freedom enables faculty to pursue research and teaching in any field of their choosing and to express their views in the classroom and the curriculum, irrespective of their popularity or controversy. Similarly, students are allowed to challenge and debate ideas in the classroom without fear of repercussions, promoting critical thinking and the exploration of diverse perspectives.

In conclusion, academic freedom is an integral part of a free and open society, essential for the continued advancement of knowledge and the protection of academic integrity. It should be respected and protected in order to ensure the continued growth of knowledge and the success of academic institutions.

8 Rules for Good Research Practice

As a researcher, it is important to understand good research practices and to make sure to adhere to them. This article will delve into each of the eight rules proposed by the Swedish Research Council (Vetenskapsrådet, 2017) for good research practice and provide examples of how to apply them in your own research.

  • 1. To tell the truth about one’s research. This means being honest and open about the methods and results of your research. It also means not making false claims or manipulating data to fit a desired outcome. To ensure that your research is truthful, make sure to accurately record your data and to clearly explain any methods or results that are not obvious. It is also important to keep an open mind when conducting research; be willing to question your own assumptions and consider alternative explanations.
  • 2. To consciously review and report the basic premises of one’s studies. When conducting research, it is important to be aware of the assumptions and premises of your work. Make sure to clearly explain why you are conducting the research, what results you expect, and how the research will be used. This will help to ensure that the research is conducted in a sound and ethical manner.
  • 3. To openly account for one’s methods and results. When conducting research, it is important to clearly explain the methods and results that were used in the study. This includes explaining the rationale behind the methods, the results that were obtained, and any limitations or weaknesses that were encountered. Doing so will help to make sure that the research is conducted in an ethical manner and that the results are accurate and meaningful.
  • 4. To openly account for one’s commercial interests and other associations. When conducting research, it is important to be aware of any financial or other interests that may affect the results of the study. Make sure to disclose any potential conflicts of interest, such as funding sources, collaborations, or affiliations. This will help to ensure that the research is conducted in an ethical manner and that the results are unbiased.
  • 5. To not make unauthorized use of the research results of others. When conducting research, it is important to respect the intellectual property of others. Make sure to properly cite any sources that you use and to get permission before using the research results of others. Doing so will help to ensure that you are not infringing on the rights of others and will help to protect your own work from potential misuse.
  • 6. To keep one’s research organized, for example, through documentation and filing. When conducting research, it is important to keep track of the data and results that you obtain. Make sure to keep accurate records and to store data in a secure manner. Doing so will help to ensure that the research is conducted in an orderly and ethical manner and will help to protect the integrity of the research.
  • 7. Striving to conduct one’s research without doing harm to people, animals, or the environment. When conducting research, it is important to be aware of the potential consequences of the study. Make sure to consider any ethical implications of the research and to take necessary steps to minimize any potential risks or harms. This will help to ensure that the research is conducted ethically and with respect for the rights of participants, animals, and the environment.
  • 8. To be fair in one’s judgement of others’ research. When conducting research, it is important to be aware of the potential biases that may influence one’s judgement. Make sure to consider the context of the research and to keep an open mind when evaluating the work of others. Doing so will help to ensure that your own research is conducted in an ethical manner and that the results are reliable.

In conclusion, it is important for researchers to be aware of and adhere to the ethical guidelines and principles of good research practice. By understanding and following these eight rules proposed by the Swedish Research Council, researchers can ensure that their work is conducted in an ethical and responsible manner.

Courses Needed for a PhD: Exploring the Requirements at a Swedish University

If you are considering a Ph.D., you may wonder what courses you should take. This is a common question, and the answer depends mainly on the particular university, department, and field of study. As someone who has studied at a Swedish university, I can offer some insight into this topic.

The first type of courses taken by Ph.D. students are those related to the subject of their studies. For example, a student studying Computer Science, with a specialization in cyber security, may take courses such as Advanced Cryptography, Advanced Network Security, and Security Protocols. These courses provide the student with the knowledge and skills necessary to apply their research to cyber security.

The second type of courses taken by Ph.D. students are those related to research methods. Research methods courses are designed to help the student develop the skills necessary to conduct research and interpret and communicate the results of their research. Some of the courses that Ph.D. students take in this area include Qualitative Research, Quantitative Research, Statistics, and Research Design. These courses help the student develop the skills and knowledge necessary to design and implement research projects and interpret and communicate their results.

The third type of courses taken by Ph.D. students are those related to the broader objectives of their Ph.D. These include courses such as Pedagogy, Leadership, and Professional Development. These courses are designed to help the student develop the skills and knowledge necessary to be successful in academia, such as the ability to teach, lead, and work with other professionals in the field.

A university often offers some, if not all, of the doctorate courses needed for a candidate to complete a Ph.D. However, it’s also feasible that the university will let the student attend classes or use research resources at other institutions. This is especially true if the student is pursuing a program that is interdisciplinary, in which they may need to draw on the resources and subject matter expertise of other institutions. Additionally, universities may offer online courses or allow distance learning, allowing students to gain their education from remote locations.

In conclusion, the courses taken by a Ph.D. student depend on the field of study, the university, and the department. Generally, courses related to the subject of their studies, research methods, and broader objectives are taken. These courses are necessary for the student to develop the skills and knowledge necessary to pursue a successful Ph.D.

How to Choose a Conference to Publish Your Paper

There are several factors that I take into account when choosing a conference to publish at. The first is obviously the quality of the conference. I only want to publish at conferences that are well-regarded and have a good reputation. The second is the location of the conference. I prefer conferences that are located in convenient locations so that I can easily get to and from the conference. The third is the size of the conference. I generally prefer smaller conferences so that I can have more one-on-one time with the other attendees.

I think that the most important thing to remember when choosing a conference to publish at is to choose one that is a good fit for your paper. Not all conferences are created equal, and some will be better suited for your paper than others. It is important to do your research and make sure that you are submitting your paper to a conference that is likely to accept it.

I usually use WikiCFP together with the Norwegian Register to help me choose a good conference. WikiCFP is a great resource for finding open calls for papers for conferences and workshops in many different fields. I can browse by field or by location, and I can also view the most recently added conferences. The Norwegian Register is a Norwegian database that includes information about scientific journals, series, and publishers. I use this database to find information about the quality of the conference, particularly its scientific level. I have found that using both of these resources together has helped me find good conferences to submit my papers to.

Submitting to a conference can be a time-consuming process, so it is important to choose wisely. I hope these resources help you find the perfect conference for your work!

The Importance of Combining Research and Teaching

As the world progresses, so too does the need for innovative research to support it. In many ways, research and teaching go hand-in-hand, with each feeding off the other to produce a well-rounded system of knowledge. In the field of cybersecurity, for example, teaching is essential to ensure that a new generation of workers is equipped with the skills they need to protect our online world. But research is also critical to staying ahead of the curve and developing new ways to combat the ever-evolving threats that target our digital lives.

The benefits of combining research and teaching are numerous. By keeping up with the latest advances in their field, teachers can ensure that their students are receiving the most up-to-date and relevant information. This helps to prepare students for the real world, where they will be expected to apply their knowledge to solve problems. Meanwhile, researchers can use their findings to inform their teaching, ensuring that the latest discoveries are passed on to the next generation.

But it is not just about staying up-to-date; research can also help to improve the quality of teaching. By constantly testing and refining their methods, researchers can develop more effective ways of imparting knowledge. This benefits not only the students who receive this improved teaching but also society as a whole, as a better-educated workforce is better equipped to meet the challenges of the 21st century.

It is clear, then, that research and teaching are two sides of the same coin. By working together, they can create a virtuous circle that benefits everyone involved.

How to Make the Most of Your Career Journey: My Panel Participation

On October 10, I was a panelist at a Career Planning Day event at Malmö University. The event was geared towards doctoral students at the Faculty of Technology and Society (TS) who were interested in careers in industry or academia. We discussed questions about what doctoral students should be thinking about during different stages of their journey, as well as any obstacles we faced and how we overcame them. In the hopes that it will help in a student’s own career planning, I wanted to share some of the advice I shared during the day.

One of the most important things to keep in mind is that a career journey is just that—a journey. There will be ups and downs, detours and roadblocks, but if you keep your eye on the destination and you persevere, you will eventually get there.

One piece of advice is to define goals. The first step to any successful career journey is to have a destination in mind. What do you want to achieve? What are your long-term goals? Once you have a clear idea of where you are going, you can map out a plan to get there.

The second piece of advice I gave is to start networking early on. Get to know people in your field, both in academia and in industry. Attend conferences and events, and do not be afraid to reach out to people you admire. You never know when one of these connections will come in handy.

Finally, do not forget to take care of yourself along the way. A career is a marathon, not a sprint, so it is important to pace yourself and take care of your mental and physical health. If you burn out, it will be that much harder to keep going.

I would also advise against comparing yourself to others. It is easy to get caught up in what others are doing and to think that you should be doing the same thing. But everyone’s career journey is different, so focus on what works for you.

The Benefits of Industry Experience for Academics

Some people may say that having industry experience is essential to being a successful academic, while others may argue that it is not necessary. It is important to consider both sides of the argument before making a decision.

Those who argue that industry experience is necessary may say that it is essential in order to understand the real-world applications of your research. They may also argue that industry experience can help you build important networks and connections. Those who argue that industry experience is not necessary may say that academic research is theoretical and that real-world experience is not relevant. They may also argue that you can gain all the skills and experience you need by working in academia.

It is important to weigh both sides of the argument before deciding whether or not industry experience is necessary for you. If you are still undecided, you may want to speak to academics who have both industry experience and academic experience to get their opinion. Nonetheless, I believe that industry experience can be beneficial for academics. Here are five ways that industry experience can help you:

1. Industry experience can help you get a job. If you are looking for a job in academia, industry experience can make you a more attractive candidate. Employers will see that you have real-world experience and that you are familiar with the industry. 

2. Industry experience can help you with your research. If you are doing research for your Ph.D., industry experience can be beneficial. You will probably be able to apply your research to real-world scenarios, and you will have a better understanding of the industry. 

3. Industry experience can help you network. Networking is important for both your academic career and your Ph.D. studies. Industry experience can help you meet people in your field and make connections. 

4. Industry experience can help you get funding. If you are applying for grants or funding for your research, industry experience can be helpful. Funding organizations will see that you have experience in the industry and that your research is relevant to the industry. 

5. Industry experience can help you teach. If you are teaching at the university level, industry experience can be beneficial. Students will see that you have real-world experience and that you are familiar with the industry.

You are welcome to contact me if you are interested in learning more about my experience with this, or simply if you want to collaborate with me.