In the course MIS 4596: Managing Enterprise Cybersecurity under the instruction of Professor Lanter, I gained a comprehensive understanding of the managerial aspects surrounding information security. This course delved into the multifaceted nature of security, covering a diverse array of topics such as technical elements like cryptography, managerial considerations such as policy compliance, physical security measures like door locks, and even psychological aspects like social engineering. A primary goal of the course was to cultivate a security mindset, encouraging students to adopt an attacker’s perspective to identify potential vulnerabilities and exploit them. Through this holistic approach, the course equipped me with a well-rounded knowledge base, emphasizing the interconnectedness of various security dimensions in the realm of enterprise cybersecurity.
Through the completion of Milestone 3 and Milestone 4 in the cybersecurity penetration testing and risk assessment projects, I gained valuable insights and skills that are crucial for a successful career in cybersecurity. These milestones not only enhanced my technical proficiency in identifying vulnerabilities in public-facing webservers but also honed my ability to communicate complex findings and recommendations effectively.
In Milestone 3, I learned the importance of conducting blind penetration tests, simulating real-world scenarios where limited information is available. This experience not only sharpened my technical prowess but also underscored the significance of thorough reconnaissance and meticulous evaluation. Milestone 4, with its focus on recommending controls to mitigate identified vulnerabilities, provided a comprehensive understanding of how to bridge the gap between assessment findings and actionable solutions.
The integration of NIST special publication 800-53 and the NIST Cybersecurity Framework further enriched my knowledge by offering a structured approach to selecting and implementing controls. This meticulous process of cross-referencing vulnerabilities with relevant controls underscored the importance of aligning security measures with industry standards and best practices.
As I reflect on these milestones, I recognize the critical role effective communication plays in the field of cybersecurity. The ability to convey technical information, such as penetration test findings and recommended controls, to non-technical stakeholders is paramount. This experience has equipped me with not only technical skills but also the ability to articulate cybersecurity concerns and solutions in a clear and concise manner.
In my future career in cybersecurity, I plan to apply the lessons learned from these milestones by approaching security assessments with a comprehensive and methodical mindset. I will prioritize the integration of industry standards and frameworks in my recommendations, ensuring that cybersecurity measures align with established guidelines. Moreover, I will leverage effective communication skills to bridge the communication gap between technical and non-technical stakeholders, fostering a collaborative and proactive approach to cybersecurity within organizations. Ultimately, these milestones have laid a solid foundation for my career, emphasizing the importance of continuous learning, adherence to best practices, and clear communication in the dynamic and evolving field of cybersecurity.