Herbert: Manage threats, risks, and vulnerabilities
My name is Herbert and I am a Security Engineer at Google.
I think I've always been interested in security,
in high school our school gave us these huge Dell laptops.
There wasn't a whole lot of security within those computers.
So, many of my friends would have cracked versions of like video games like Halo,
that's really where I learned how to start manipulating computers to kind of do what
I want.
I guess [LAUGH] my day to day consists of analyzing security risks and
providing solutions to those risks.
A typical task for
cybersecurity analysts would usually be something like exceptions requests.
Analyzing if someone needs to have special access to a device or document
based on the role that the person has or the project that they're working on.
One of the more common threats that we come across is misconfigurations or
requesting access for something that you don't really need.
For example, I recently had a case where a vendor we
were working with had changed their OAuth scope requests.
And basically that means that they were requesting more permissions to use Google
services than they had before in the past.
We weren't sure really how to go about that because that wasn't
a situation we've come across before.
So it's still ongoing, but
we're working with partner teams to kind of develop a solution for that.
I think another thing that we've seen is outdated systems,
machines that need to be patched.
That sounds like an IT issue, but it's also definitely a cybersecurity issue.
Having outdated machines, not having proper device management policies,
working with a team or many teams is a huge part of the job.
In order to get really anything done, you need to communicate with not just the team
that you're a part of, but with other teams.
Ten years ago I was working at a pizza joint and ten years later,
here I am, at Google as a Security Engineer.
If I told my 16 year old self that I would be here,
I wouldn't have believed myself, but it is possible.
No Comments