IBM Z Global Student Hub

  • 1.  Event - 02APR - Everything Zecure out there?

    Posted Sun April 10, 2022 10:57 AM
    On April 2nd we hosted our third event of the series "Your Path from University to the Industry". This time, it was all about cybersecurity and cryptography. Along with a big audience keen on learning more about those topics, we had the pleasure of welcoming an amazing set of panelists:
    • @Eysha Shirrine Powers (Senior Technical Staff Member, Chief Architect, IBM Z Cryptographic Portfolio)
    • @JORIS MERTENS (Developer Advocate IBM Z)
    • Dr. Onalenna Makhura (Lecturer, University of Botswana)

    Some interesting things mentioned:
    • Getting your dream job is not necessarily a straight path. Eysha started off as a Function Tester and worked as a Software Developer before taking on her current role as Architect. You don't have to exactly know what you want to do yet. Explore! Don't stick to one technology/platform. Getting a broader perspective will help you getting the bigger picture. One of the advantages of working for a large company is that you can try out different job roles until you find the one that you are really passionate about.
    • There is a wide variety of jobs in the cybersecurity sector. For instance, as a tester you have to be aware of the design document received, understand and interpret that design in order to build a function test around it (you look for what you want to test, how to build those tests (automation?)). As a developer on the other hand, you look at what is the best way to code this design. The designer tells you which features it needs to have, which inputs/outputs but it's up to the developer how to implement it (data structures, programming languages, optimizations, managing storage and memory). As a designer you create this document everybody else follows, you create a vision and provide background. As an architect you do less coding and more meetings, and you are not just looking at one component anymore (e.g. crypto or security component) but looking at multiple components to build solutions that attach to many different areas. Hence it's about communicating with leads of many different areas, having a broad set of knowledge to understand how all those pieces work together. You come up with a vision, engage with clients to make sure that the vision aligns with what they need, and then align all the teams around, so the various designers of those teams can create their design unique to their component.
    • Getting certifications can help you land a job.
    • Be prepared for a job interview by knowing what's going on in the world in terms of cybersecurity. Know the current threats companies are facing. If you have the time, dig into it and acquire some background knowledge, and think about how you could mitigate those threats.
    • IBM Z is known as being the most secure(able) machine. This level of security is also available for start ups and small companies by having the infrastructure hosted by IBM, and the end-to-end service is being provided via the IBM cloud platform. Students can use it in the same way to try it out.
    • Be aware of all the libraries you are using (remember Log4j!) and the latent cybersecurity vulnerabilities. Don't consider cybersecurity only in an afterthought. Don't react but keep ahead of the curve.
    • Keep up to date. If you don't have the fancy resources IBMers and their clients have for z/OS (Secure Engineering Team), you might want to read a lot of online magazines and news articles to know what's going on in the world and what the concerns of specific sectors are. Check out the IBM X-Force. There are also conferences specifically for cybersecurity (e.g. RSA Security Conference). There isn't a single source or website. Keep up to date with identifying new vulnerabilities and how they may affect you.
    • Cryptocurrencies associated with cybersecurity still need to grow and mature, and there need to be more global and permanent solutions to provide security. The idea and the technology is very potential but there are still some problems.
    • Blockchain technology and its level of security might be an interesting use case for mobiles, to prevent our personal data being drained. Another one could be crypto anchors, which could ensure that parts were not being tampered with and come from the correct source.
    • Some security factors for networking applications: multifactor authentication, secure network communications, using secure developer processes. It's important to consider a layered set of technologies when it comes to cybersecurity. There might be trade-offs in terms of performance. TLS 1.3 is the new thing for network security - does your infrastructure support such new technologies? Which type of attack would you be concerned with? Do you want/need to comply with any standards (e.g. best practices published by Center for Internet Security)? Put checks in place to ensure that there is integrity in the software you are building and someone isn't bringing in something that shouldn't be in the build (integrity proof of origination, proof of the fact that data hasn't changed, etc.).
    • Awareness for cybersecurity grows but companies still tend to put off investments in that area until faced with a data breach themselves. Especially small companies and start ups tend to move fast to bring their product to the market, and think about security only at a later point. However, legislation is catching up (GDPR, etc.) when it comes to handling people's data.
    • Security and manufacturing: Supply chain attacks are a major threat. Consider using certificates and digital signatures. Think about which components don't necessarily need Internet access to limit their possible exposure.
    • Factors for cybersecurity aren't only technology and processes but also people.

    But watch yourself! If you haven't had a chance to join the event live, you can watch the recording which we will link here in this discussion thread early next week.

    The whole team (@Rita Pani, @Lucile Monet-zur Kammer, @Michael Tiba Busch, @Junior Moremong, and myself) ​thanks all participants and looks forward to hearing your comments about the event!

    Sabine Diemt
    FernUniversität Hagen

  • 2.  RE: Event - 02APR - Everything Zecure out there?

    Posted Sun April 10, 2022 05:14 PM
    Hi @Sabine Diemt! I love this detailed recap! Thank you again for hosting this session. It was great to engage with you, your team, the panelists and of course, the students. I wish all of the students much success and welcome them to reach out if they have any questions. :-)

    Eysha Shirrine

  • 3.  RE: Event - 02APR - Everything Zecure out there?

    Posted Tue April 12, 2022 10:43 AM
    If you missed the event or would simply like to rewatch, here is a link to the recording:
    Everything Zecure Out There?

    Junior Moremong