Day 1 - Security: Social Engineering
1 - Introduction
Meet Zainab and Callum, our hosts for the day. They will introduce you to today's theme of Security, and more specifically the topic of Social Engineering that we'll be covering with our team of experts from BT and Grok Academy:
2 - Data Security with Kaia and Mike
Key qualifications: MPhys Physics with Space Science (not Security related!).
What does your job involve? During my rotation with the Security Behaviours team, I get to work on so many different things. My favourite is my work on the internal phishing programme, where we measure how well BT Group responds to phishing emails. We use the programme results to inform how we deliver educational materials.
How did you get into your current role? After completing my degree, I realised that I wanted a change. I always wanted to do something that would help people, and Security felt like a natural choice to make a difference. I entered Security on the Graduate Scheme as it gives me the opportunity to learn important skills on the job, and the freedom to pursue the areas of Security that interest me the most.
What did you want to be when you were younger? I didn't have a specific career in mind, I just knew that I wanted to be able to make a difference.
What do you do outside work? I love to read, go on walks in the countryside and crochet (though I'm pretty terrible at it!).
Key qualifications: Security (CISSP) Data (CIPP/E) advanced practitioner OSINT, advanced practitioner social engineering. Degrees in Behavioural Psychology, Cyber Psychology, Behavioural science, Advance management. Qualified behavioural analyst, life coach, master practitioner NLP, hypnotherapist, cognitive behavioural therapist.
What does your job involve? I am responsible for all Data behaviours and culture across BT Group globally. This includes many things such as education and Data assurance e.g. 2nd line social engineering and data compliance assurance testing for the business such as contact centres etc and stores to highly sensitive sites and teams.
How did you get into your current role? I have worked across the business in many roles over the past 25 years but always had an affiliation for human behaviours. I was asked to join BT security in 2012 and then went on to create and lead the security behaviours team for a number of years; responsible for creating BT's internal phishing program and our internal industry-awarded training 'don't feed the phish' (that would then become 'don't feed the ish'). In 2022 I was asked to run the new 'Data behaviours and culture team'.
What did you want to be when you were younger? Was never sure to be fair. I am neurodiverse so this has always played a part in my life, and being 59 now it was very difficult in my early years as the condition was not understood or supported like it is today. Let's just say I would do anything and want to prove I could excel at it.
What do you do outside work? Fishing, football and grandchildren.
What's your one biggest bit of advice to people in regards to social engineering and data security?
Don't be quick to offer up information to anyone, even if they are rushing you. You can't always believe people are who they say they are and it's always better to take a little extra time to be sure. Slow down and check who you are talking to through a trusted channel before giving them anything.
Take control for your personal data and think before you share. Time is your friend... slow down and always check before you trust. Ensure all your devices have the maximum security settings on and all apps are regularly updated.
3 - Have a go activities
4 - Career profiles
Key qualifications: Human Behaviour Analyst.
What does your job involve? In my role, I get to analyse security behaviours, identify risks and figure out how to help our employees become more secure.
How did you get into your current role? A few years ago, I learned there was a team where they combine psychology and security to improve behaviours, and I knew I had to get there. So I took online courses, read books and articles, applied for a secondment in the team and after about a year I could move into this role.
What did you want to be when you were younger? It was a three-way tie between wizard, superhero and spy. I think my current role is probably the closest I can get to that dream.
What do you do outside work? Nothing very exciting, I'm mostly just a cat lady who likes to stay inside and watch movies.
Key qualifications: ILM Level 4 in leadership and Management.
What does your job involve? It is my responsibility to ensure all employees receive the necessary security education and training. This involves developing, enhancing, and delivering tailored security training programs to address specific needs. Best part is... I am currently working on a VR Security Game.
How did you get into your current role? After completing 14 years in the British Army, I aimed to transition into a role focused on behaviours and culture within BT. After networking I came across a position that perfectly aligned with all my interests - social engineering, OSINT (Open-source intelligence), behaviours, and education. Without hesitation, I eagerly applied, and here I am now.
What did you want to be when you were younger? I wanted to be a Private Investigator like Dick Tracy with a cool watch.
What do you do outside work? I like to run ultra distances over hills and mountains and when I am not doing that, I like to take part in Capture The Flag (CTF) OSINT events.
Key qualifications: Life experiences.
What does your job involve? I get to socially engineer my way into BT buildings and see what information people will give me and where people will give me access to with any validation. This is then used to educate colleagues that they should always have their human firewall switched on.
How did you get into your current role? I have worked for BT for 40 years and moved departments. For this role I was asked to apply due to my experience doing a similar role in Security.
What did you want to be when you were younger? I have always worked for BT!
What do you do outside work? I love running, walking and gardening.
5 - Grok Academy
Key qualifications: B Ec, B Inf Tech, Grad Dip Ed, M Ed.
What does your job involve? I lead Grok Academy's team of Educators, who build learning resources for students in primary and high school and develop learning materials for teachers to help them better understand all things computer science and cyber security.
How did you get into your current role? I spent many years in schools as a teacher and leader, but in 2017 an opportunity came up to lead a multi million dollar project supporting the Digital Technologies curriculum implementation in Australia. It gave me a chance to share my expertise with teachers and students across the country, and that opportunity to make change on a national (and now international) scale was too good to pass up.
What did you want to be when you were younger? I was interested in so many things, and I considered roles in a range of fields from finance and law through to technology. In the end, it was an experience while I was studying at uni tutoring other students in Economics and Information Technology that convinced me to choose a career in education alongside my interest in tech.
What do you do outside work? I'm an avid fan of sport and gaming - both computer and tabletop. If I'm not with friends on the volleyball court or throwing down wood and cardboard, I'm usually enjoying time catching up with family.
Key qualifications: Problem solving, identifying risks/opportunities for improvement, working in a team, communicating clearly - verbally and written.
What does your job involve? In my role, I enable all the teams who defend the bank and our customers to make data-based decisions. In my role I analyse cyber data to identify improvements and attend conferences across Australia to bring ideas back into the group.
How did you get into your current role? My current role came about through mentorship. Early in my career I knew that I wanted a mentor in Cyber. Through this relationship I was offered my current role. When my mentor received an opportunity to set up an entirely new team, she invited me to join and help her establish it.
What did you want to be when you were younger? When I was younger, I wanted to be a palaeontologist. I was always very curious about computers and how they worked so randomly at the end of high school I decided to study a computer science degree.
What do you do outside work? Outside of work I love to travel and play sport. Recently, I have gotten into ocean swimming. I also love hanging out with my friends and organising weekends away.
Key qualifications: Year 12 (final year of high school).
What does your job involve? Staying across the latest regarding scams, fraud and cyber-crime and educating our colleagues, customers, and community about how to protect themselves online.
How did you get into your current role? By following my interest! Initially I worked closely with the fraud team while working with electronic banking disputes and then moved in to an education role in the fraud team. While working in fraud, we worked closely with the team in Group Security, and when a role came up in this team, I jumped at the chance.
What did you want to be when you were younger? A Pilot.
What do you do outside work? I enjoy getting out in nature and taking the camera along wherever it is!
Key qualifications: I did an undergraduate degree in business and have post grad qualifications in journalism and computing.
What does your job involve? The accidental insider side of human behaviour. We develop training and interventions that target improving people's security behaviours and then track how they work. We also get to do cool partnerships work to help uplift cyber skills both in and outside of our company.
How did you get into your current role? I was already working for the company and saw this job advertised which sounded like it ticked so many boxes in terms of what interested and motivated me, so I applied! I didn't have cyber experience when I first started in the team but came to the interview with a plan of how I was going to go about upskilling.
What did you want to be when you were younger? A journalist. I've always loved talking to people and finding out their stories and perspectives on things.
Key qualifications: CISSP/Certified Novell Linux Instructor/Splunk Certified Admin/ RHCE.
What does your job involve? Design and develop security use cases leveraging data and security technologies to satisfy customers' requirements. Develop detection rules to pick up malicious activities and automate security incident triage, response and remediation process via scripts or tools. Conduct technical evaluation for new security services or products.
How did you get into your current role? I started as a QA engineer in a very small security vendor to test all features of a wide range of security products e.g. Firewall, IDS, IPS, Email Gateway, Web gateway. With a few years hands-on experience on these security products, I moved to a security consultant role to help customers to uplift their security position by design and deliver customised security solutions including Endpoint Security, Application Security and Email Security Solutions. Now I am a SIEM & SOAR security specialist in BT who is responsible for uplifting the detection and response capabilities for the team.
What did you want to be when you were younger? A businessman or a footballer.
What do you do outside work? Play tennis and football, build/upgrade a smart home system for my house aiming to have all electronic devices integrated into an Apple home system.
Key qualifications: Bachelor of Science with Honours, Business Information Technology from UNSW; Certified Information System Auditor (CISA); AWS Certified Solution Architect; Graduate, Australian Institute of Company Directors.
What does your job involve? I help my customers (banks and insurance companies) to be safe and secure on AWS cloud. I do this by helping them understand the best ways to plan, migrate and operate apps on AWS cloud.
How did you get into your current role? I attended a presentation from AWS and was so impressed with what I learnt and the AWS people, that I decided I had to join them.
What did you want to be when you were younger? I wanted to be a stuntman. I would recreate stunts from my favourite movies in my back garden. After a broken arm, recreating a scene from Sylvester Stallone's Cliffhanger, I decided a different path would be safer.
What do you do outside work? I coach my son's football team and love to play golf whenever I am able to.
6 - Related STEM learning content
If you enjoyed this content, why don't you take a look at some of these other great resources around this topic below:
Supported by:
Supported by:
Supported by:
Supported by:
Supported by:
Supported by:
Supported by:
Supported by:
Supported by:
Supported by:
7 - Feedback
Please rate today's Security content and submit your feedback here, although do not enter any personal information (such as your name or address). You won't receive a reply, but your feedback will be sent to our Education Team who are responsible for putting this all together. We really appreciate your input into making future versions of this event bigger, better, and more relevant to what you want to see.
|
We'd love to see pictures of you all getting involved with our BSW content. Email these to us at computerscience@bt.com telling us what school you're from. Or post it on social media and mention @adastralpark with the hashtag #BSW24. |