When you speak with many of the seasoned veterans of cybersecurity, it is not unusual to learn of the twisted path in technology that eventually landed them in the security profession. However, the newest cybersecurity professionals are digital natives. They grew up in a world of technology and were exposed to cybersecurity as early as their first interactions with the internet.
Dilki Rathnayake stands out as a person who has been involved in cybersecurity since her earliest days on the internet. As a dedicated and prolific cybersecurity author, she has grown her knowledge and career entirely in cybersecurity. We had the opportunity to interview her to get a sense of how the newest cybersecurity professionals have honed their knowledge and craft.
Q: Can you tell me about what got you into cybersecurity?
A: When I was 14 years old, I created my first Gmail account, and at the time, there was this social media platform called G Plus (Google +) where Gmail users could create an account and share posts and stories, which is quite similar to Facebook. That platform no longer exists. I was not actually allowed to create a Facebook account. So, without my parents' permission, I had this G Plus account. I received a suspicious text through the Hangouts app, which was kind of like the Facebook Messenger app. The message contained my password, and the person who sent it wanted to notify me to create a stronger password because that one was very easy to guess.
I was so scared by this that I completely deleted my account. I didn't even touch my computer for days, and I didn't even tell my parents about this ordeal. They always warned me that social media was a scary place. However, after that password incident, my curiosity was piqued, so I created a new account and found groups that were discussing catfishing accounts and those types of topics. At first, I found a couple of friends there who actually knew about cybersecurity.
They knew a little bit about the hacking side as well, so I shared my experiences. They were Americans, and they had access to more technologies than I did in my country. They recommended that I get into cybersecurity. I asked what I should learn, and they offered great recommendations, such as learning the Raspberry Pi and some of the tools from the Hak5 group.
Of course, my parents actually wanted me to become a doctor, but I really had this passion to get into cybersecurity. In the last two years in my school, I saw a notice about a cybersecurity summit, and I got a chance to attend the summit. And there I met Zoe Rose. She was the first female hacker that I met in person, and when she was talking about hacking and capturing cyber criminals, I was in awe. At the time, I was excited to know that even girls could do cybersecurity. That day was a turning point in my life. I thought to myself, I can do this. Zoe was a perfect example for me at that time. She became my role model, and then I started my journey to pursue my degree from that day on.
Q: What has been your experience studying cybersecurity? What courses did you take?
A: I knew that I needed to get hands-on experience in Linux environments. I experimented with Debian Linux for about a year. Then, I enrolled in an advanced Linux administration course, and I learned about other Linux distributions. I also wanted to learn a little bit about the hardware side as well to build my own PC, so I completed a Pearson Diploma in hardware engineering and network administration. After that, I completed the Cisco CCNA course, which took me about a year to complete due to COVID.
The funniest part when I attended those classes was that I was the only girl in the classes, and the students were around their mid-twenties and thirties. I was 19 at the time, and they were quite suspicious to see me there. It turns out that they were all military or law enforcement professionals, and they were studying as part of the cybersecurity initiative that was growing in my country.
After completing the Cisco CCNA, I continued with more courses in network engineering and then completed a bachelor's degree in cybersecurity and digital forensics at Kingston University. I went on to earn the ISC2 CC and EC-Council CEH credentials.
Q: What advice would you share with other students who might want to go into the world of cybersecurity?
A: Perform thorough research on the cybersecurity subdomains that are available and choose a domain that suits you best because not all cybersecurity roles are technical. Apart from the technical areas such as network security, hardware security, and software security, there is the governance side, which includes categories such as audits, laws and regulations, policies, and procedures. You do not actually need a lot of technical knowledge to get a job in those categories. You could also look into becoming a certified cybersecurity instructor. There are various positions available for lecturers to train corporate employees, even students, and also build awareness programs. You could also explore the role of being a cybersecurity content writer, helping to raise awareness and keeping readers informed about the latest cybersecurity trends and news. Cybersecurity is not always as technical as one might think.
In addition to developing technical skills, it's essential to improve soft skills such as analytical and communication skills. Being an avid learner is also important, given the dynamic nature of cybersecurity.
Network yourself a lot. It's going to help you along your cybersecurity journey. Networking is actually key to just progressing on your path. There are so many cybersecurity forums, groups, and communities that are freely available that you can join and attend their conferences. If you do not have the time to attend those kinds of conferences, you can still network through the available social media sites.
The most important point is to just have a passion for cybersecurity. Just having a passion is enough to boost you and move you forward to find all sorts of opportunities and things that would help you get into cybersecurity. I just started with a passion for cybersecurity because I really wanted to help people. That first experience with my easily guessed password made me feel vulnerable at that point. I thought no one else should feel this way. Everyone should feel secure, and everyone should have their own rights regarding proper cybersecurity. That's what has kept me going through this journey.
Q: How have you seen cybersecurity change over the last few years? What are some of the topics that interest you the most and why?
A: I've seen a lot of changes in so many different areas, not just with technology. I would first put gender inclusivity. Currently, you actually see a lot of women in cybersecurity, which is a good thing. Second, I would say there are so many cybersecurity learning platforms available now that you could complete a whole degree in cybersecurity just while learning at home, which is fascinating. That was unavailable when I was studying.
The rapid development of Artificial Intelligence (AI) is the most interesting topic right now. The commercialization of AI has significantly changed cybersecurity, introducing a lot of possibilities and, as well, so many threats and risks. We now see security tools that are powered by AI, which tend to be faster and more accurate. I also see a grey area with the commercialization of AI. So many devices, software, and features are covered by AI. What I've noticed is that those devices and AI-powered software are becoming more autonomous, especially those devices that are beginning to gain more awareness of their own surroundings. To a certain extent, they can even identify the user, and sometimes, they can even predict the user's next behavior as well. I see that as kind of alarming because all the vendors might collect even more data for features and services, but are we going to sacrifice our security and our privacy just for convenience?
Currently, AI even has the ability to influence our own decisions. So we need to really be transparent about it and introduce new laws and regulations. AI companies need to be transparent about what they are going to do with the collected data, why they are collecting the data, and what kind of processes they're actually using. Is it necessary to collect that kind of data to give you great experiences?
So, from what I currently observe, cybersecurity has evolved beyond solely protecting systems from attackers. Now, it's more about the services and the products that you use, the data being collected from you, and how much control you have over that data.
Q: Have you been actively looking for a cybersecurity role? If so, what challenges have you come across? If not, what are your future plans?
A: The main challenge is the number of years of experience that many employers expect for a junior role. It's pretty unrealistic and impractical. I saw a junior network administration role that required 10 years of experience. That is very long. I guess it's because the Human Resources department might be making the decisions regarding employee retention, so they want to hire a fully experienced professional rather than training a novice who may not stay with the company after they gain the experience.
Q: Have you had any experience along the way? If so, can you tell me about those roles?
A: I gained some experience as a Linux system administrator for a couple of small businesses, and I designed and implemented secure network systems for those small businesses. I also wrote some policy documents. I've also been pursuing more certifications and participating in Capture The Flag (CTF) labs. I've been able to conduct a couple of cybersecurity awareness programs for school students, teaching them about how to secure their digital identity and how to get involved in cybersecurity. One other project was about ethics in online communications. That is not talked about very much. Also, I gained experience as a cybersecurity content writer, where I mastered the art of engaging readers with cybersecurity topics and increasing awareness of trending and technical subjects.
We have often seen how the paths of many cybersecurity professionals never ran in a straight line. The newer students are showing how the profession has become more established, offering a clearer focus for those looking to choose cybersecurity as a career. We are fortunate to have curious, dedicated, and passionate people like Dilki who are part of that next generation of cybersecurity professionals.