Looking back: TM256 Cyber Security

I am currently waiting on my module result as I write this, so I can’t tell you how I’ve done yet. I can tell you that this was a fairly enjoyable and challenging module, however. This module was broken down into five blocks, had 3 tutor-marked assessments and an exam.

Block 1: Concepts of cyber security

This block, as you might have guessed, serves as an introduction to the topic of cyber security. It aims to get students familiar with common vocabulary and definitions, as well as introducing some of the core concepts of cyber security.

Block 2: Systems security

This block largely focused on operating systems and various security controls and considerations, though it also covered some general device security and set foundations for network security. There was an in-depth exploration of cryptography and triple A (authentication, authorisation & accountability).

Block 3: Infrastructure, host and application security

Covering physical security, network security, host security, application security and human factors. This block gave me an opportunity to get on my soapbox about some of my favourite gripes with common workplace password policies. Especially as NCSC has for a long time advised against routine password expiration and complexity rules. It should have been apparent long before now that this encourages poor password hygiene. Users would either record their passwords somewhere accessible or make all their passwords the same or very similar. Users who do try earnestly to make “strong” and unique passwords while not storing them insecurely are more likely to require support when they forget a password or get locked out of their accounts.

Block 4: Security operations and incident management

This is where the module became particularly interesting for me. Giving some insight into what you might expect in an organisation’s security operations centre (SOC) as well as other areas of a business when preparing for and responding to incidents. The block covered how incidents are managed and mitigated, how to prepare and ensure business continuity and resilience, and best practices for policy.

Block 5: Fundamentals of digital forensics

At this point my interest was thoroughly piqued. Going in depth into the process and practices of digital forensic investigations, with practical activities using open source tools such as Autopsy and FTK Imager. The block covered best practices for documenting evidence, ensuring continuity of evidence (chain of custody), following appropriate legislation, gathering and preserving evidence (maintaining its integrity without contaminating it, e.g. capturing hard disk data using write blockers), and presenting evidence in a report. There was some insight into how this evidence might be presented by an expert witness in trial, but this module did not go into depth on this aspect of the role. The module material did, however, make clear that, while a forensic investigator might determine which evidence is pertinent to a case, it is not for them to interpret that evidence. It is only for the investigator to present that evidence.

Going forward

As I said above, I am still waiting on the module result but I have my fingers crossed. The final exam proved to be surprisingly stressful despite taking advantage of the specimen and past papers. I spoke with friends in the same presentation of this module as me who hold senior cyber security roles in their workplaces and they’ve also indicated that they found the exam more difficult and stressful, requiring more time to complete than was made available. So at least I’m not alone.

I’ve recently started TM257: Cisco Networking (CCNA) part 1 and I am looking forward to continuing from the foundational work on this topic previously covered in TM129. TM257 includes a day school with an assessment that is required to complete the module. It looks like I will be pairing up with another student to physically build and configure a small network. I’m looking forward to the experience. It’s always good to get hands-on practical experience in my studies.

I also recently started a job in the civil service. It’s not the job I want or one I particularly enjoy, but I’m hoping that it opens a path for me to get where I want to be. My current job is actually far removed from the cyber security field, but I’m still hopeful that I can use the experience to build on other transferable skills while I’m there.
