Cyber security is becoming a major issue with the advent of digital technology. This is why we would like to dedicate portraits to people working in this field. This week, we met Benjamin Le Du, working at Maureva as Security Officer & Team Leader.
Benjamin, you are Security Officer & Team Leader for Maureva. Can you explain to our readers what your work consists of?
My work consists of several things. First of all, as Security Officer, I take care of the security aspect of Maureva’s projects, both during the design and the deployment phase. Then, with my colleague and superior Bruno K, we work throughout the year to make all Maureva employees aware of cyber security, because it is important to know that good IT security in a company can only work properly if all employees are involved. Then, the other part of my job consists in developing tools, mostly in Java, and creating and implementing solutions in the Amazon Cloud Service (AWS).
A typical day always starts by looking at alerts and logs from various systems I monitor. Secondly, we need to keep up to date with new vulnerabilities, techniques that could compromise the security of our products and infrastructures. It is mandatory to do some monitoring on it by going for example on NIST (nist.org), US-CERT(us-cert.gov), Owasp (owasp.org), Zataz (www.zataz.com) or even packetstormsecurity.com.
What tools do you use every day in your job?
As a Security Officer, I use daily tools such as Splunk, Graylog, which allow to gather and monitor all activities within a network or an application, in order to be alerted as soon as possible of any strange or unwanted fact.
What is the biggest difficulty you encounter in your job?
One of the biggest difficulties consists in keeping up to date, because it is necessary to know that many security flaws are discovered every day, so it is compulsory to keep an eye on these subjects. Then, the other big challenge is to make people understand that each employee in a company is a link in the security chain, and that it is thanks to this collective work, to this awareness, that we can put in place effective security.
The field of cyber security is becoming crucial in our society, so it is a job of the future. Do you have any advice for young people who want to work in the field?
Yes, of course! Computer security is a profession of the future, because as you can see in the recent news, more and more attacks are taking place on a more or less large scale and this impacts all sectors of the economy. It should not be assumed that only companies working in the IT sector can be affected by security problems. Small, medium and large companies can have a security problem at some point… Look at ransomware for example.
In my opinion, to start in computer security, you need to have a good base in networks and development, and an inquisitive mind. Then, you have to update yourself daily, follow best practices like OWASP, and follow a CEH training, for example.