The demand for qualified, educated CyberSecurity professionals is increasing rapidly. Our reliance on technology is now higher than ever, and with more and more people working from home and accessing the internet in new ways CyberSecurity threats are at an all time high.
Willis College is proud to offer one of the best CyberSecurity training programs available in Canada (we even train members of the Canadian Armed Forces). Ali Mrehach is an instructor for our program and has been working in the field for more than two decades. We sat down with him to learn about his career path and what someone new to CyberSecurity will learn in this exciting and dynamic program.
Willis College: Hi Ali! Thanks for taking the time to chat with us today. Can you tell us a little bit about yourself? When did you go to school and what are your qualifications?
Ali Mrehach: Good afternoon, my name is Ali. I have completed my computer science engineering degree. I am holding Microsoft certified trainer certification. I am a certified ethical hacker instructor as well. And I have certifications like the Cisco certified network administrator. I’m certified from 3Com, Intel, HP, and Dell.
WC: Wow, thank you, Ali. How long have you been working in the field?
I have been working in the field for more than 23 years now.
WC: And how long have you been teaching?
I have been teaching in Canada for more than seven years now.
WC: Excellent. Ali, tell us what it’s like to work in the cyber field. Is the cyber field evolving?
Working in the cyber field is something like searching for puzzles. You want to have something in your hand, but you cannot find it. You need to be patient. You need to be smart to get what’s going on.
WC: One of the questions we often get asked is about blue teaming. Tell me about blue teaming.
Blue teaming is the team that gets hired by a company to defend that company. You get called from any company that maybe you have a contract with, or you want to work with, or you apply for a job for. And the job for the blue team is to know what the red team is doing – what the hacker is doing. And they will do everything that they can to protect the information, the data, the network, for the company that they are working with.
WC: We once heard the blue team and red team described as the Pac-Man of cybersecurity, where Pac-Man is trying to stop the red team. Can you describe the red team and blue team?
The red team is someone smart. He gets all the knowledge, he gets all the tools that will allow him to hack another system. This is illegal. This is unethical, but he will use everything that he can do to get the data, try to encrypt it, disturb others, and maybe steal the data and publish it publicly.
The blue team is the opposite direction. The blue team is the one that has the same knowledge, same smarts (or maybe more), and has the tools to fight with the red team. The red team tries to attack and the blue team tries to defend.
WC: Excellent. Thank you. This brings me to a fabulous question; ethical hacking and pen testing. I think of pen testing as making sure the ink is flowing in my pen. Tell me about pen testing.
Penetration testing, from the name, is a test that will be done with a company that they ask you to do it. For example, you will get called for a company and say, “Hey, I want you to hack my network. I want you to hack my data. I want you to tell me or try to hack my system.” This is a contract between the cybersecurity analyst who is trying to be an attacker here, and the company that they call you.
The reason for this is to see the weaknesses, vulnerabilities, and any kind of bad points for that company. They will take this into consideration and try to find a solution so nobody can attack them.
WC: Okay. Awesome. In our cybersecurity analyst program, we do a lot of hands-on training and we often get asked what are virtual labs and hands-on training in CyberSecurity?
The virtual labs and hands-on training in CyberSecurity is very important for any student. We encourage everyone to get their hands dirty, with so many kinds of scenarios. You will be the attacker, which is the red team. You will be the defender, which is the blue team.
You need to create the attack. If you create the attack, you know from a technical perspective, how this attack happened. At the same time, if you know this you know exactly how to stop it. But the virtual lab itself is something that is necessary for any kind of CyberSecurity analyst. Even if you are not a student, you will be continuously working with the virtual labs because you need to see something virtually in a lab before you put it in a production environment.
WC: Excellent. My final question, Ali, is that we have a strong part of our program around communication, especially written communication. Can you explain why a cybersecurity analyst would need to have good written and verbal skills?
At the end of the day, the client will ask for a report. “Hey, what’s happened to my network? Is my network having a problem? Is my network having weaknesses? Is my network having a vulnerability? Anybody attack my network? Do you find any evidence that my network has been hacked?”
All these should be written professionally. All these should be written in a report that will reflect your findings. There is no point if you know everything but you don’t know how to put it on paper for the clients.
WC: Thank you, Ali! Thank you for your time today.
What are you waiting for?
Don’t wait, change your life today with an education from Willis College. We’re currently enrolling students in a variety of programs including CyberSecurity Analyst and CyberSecurity Operator. Visit our website to learn more and to get started today!