This questionnaire is drawn from the interview attached below. We have extracted a few questions from it for a quick read. For better insight and a detailed view of the cyber security industry, do watch the entire video; we assure you it will be worth your time.
By Sweekriti Bharti
Bhavya Singh | Digital Cyber Forensic Expert
This inspiring woman, hailing from Bihar, India, is currently working as a cyber forensic expert at KPMG, Dubai. In her journey of 3 years she has solved many cases related to ransomware attacks, and she believes in learning new things every day. In awe of her profession, she also maintains a work-life balance with a perfect blend of work, practicing spirituality and meeting new people and friends.
What is Cyber Security? & What are the Specializations in it?
Cyber Security is basically giving security to all your technology and devices from any online attacks. Now under this there are many specifications and specializations that we can talk about. But on the whole, the practice of cyber security reduces the risk of being attacked by unauthorized networks and technologies.
So at large, you can divide the specializations of cyber security into two: red teaming & the blue team.
The Red team is predominantly hackers, so the organization willfully wants to break into the hackers' environment and help them simulate the attack lifecycle and identify the vulnerabilities. So this is a very general description that I am giving; as a red team, you can break into a network, mobile phones, electronics & web applications.
Whereas Blue teaming is predominantly about helping organizations stay safe, this can be bifurcated into two different types of things one would be on the technical side, where you’re developing and deploying certain tools. In blue teaming, so you can figure out what’s happening in the real time, that is proactive monitoring.
And then there is a breach that comes into picture when the incident or the attack has already happened then forensic comes into the picture. There is digital response and then there is digital forensics which comes after the threat has already occurred.
What is the first step an organization should take if they are facing a Cyber Threat?
Organizations usually have lots of policies and procedures in place and most of the corporations of big organizations have threat security in place. So they have an information security manual ISPM and if certain organizations do not have it, it’s a must-have. It’s the best practice to reduce the risk of dealing with threats & attackers beforehand.
Another important thing is that the policies also differ as per the geo-locations. For example, Europe has a policy, GDPR, and what it states is that if there is any breach that has happened, or any sort of personally identifiable information of any customer residing in Europe has gone out of the organization, then the organization has to let the authorities know within 72 hours of knowing that the breach has happened, otherwise they are liable to pay a huge sum in fines.
What should be an individual’s first step, if he/she faces any Cyber Threat in India?
In India, if somebody is bothering you or somebody is threatening you, the best person to go to is the police and as we have the cyber division in place you can seek help from them. It’s slow but it’s the best possible pace to help from.
Is it safe to log in to public WIFI as café work culture is such a big hype?
Data breaching is a big thing as we know, so first of all I will highly recommend people to not connect to any public wifi, and maybe even if you have to, have your own VPN on. Therefore it’s always important to maintain that hygiene. Just recently an incident happened when I was returning back to Dubai and while on the flight I would see wifi availability, so randomly I typed 1 to 8 as the password and I could access the internet. So people talk about password complexities, but what about keeping your hotspot or wifi password strong? And hence we should inculcate the habit of having complex passwords and practice it.
How do you keep all your devices safe from any Cyber Threat? Three things that you follow to keep your devices safe?
- First of all having your own Internet
- Secondly having your VPN on, whenever needed access of
- Having complex passwords and keep changing them in a given time period.
Well with our third point there is also a triangle where you talk about functionality, usability & security. So what you need to have is the balance of all these three factors to keep you safe and functional.
What is the specific course or program you need to opt for to get into the Cyber Security Profession?
I had a similar query when I was in college, so I can understand. So coming to the question, having a background in engineering surely helps, subjects that are important are computer networks, operating systems, and programming languages. And learning which programming language depends on what you want to do further.
Can a non-technical person enter the field of the Cyber Security domain?
Today the internet is a big world, anything you want to learn and skills that you want to gain are all available on YouTube and can be accessed through online learning. Today you can take a class from MIT to IIM on your screens, making the world smaller yet easier to understand.
Would you like to talk about any Cyber case that you solved?
I have been solving mostly Ransomware attacks, so there was a period during covid times where organizations were looking into more functionality and usability than security and this was the time when a lot of organizations were hit by a ransomware attack. So ransomware attack is where your files get encrypted and the only way to access your files then is by paying a certain amount, so it’s basically like kidnapping or blackmailing and has become a business for scammers.
How much time does it take to solve or work on one project? What’s the time frame like?
As a digital forensic SME, we do have two to three ransomware attacks and clients that we have to deal with at the same time. But on the other hand, the time period taken to recover in any particular case depends on how ready the organization is. What I mean here is if the organization has already built a muscle memory of encrypted files and data that’s needed a team is already there, and things get easier.
Data selling is a huge market today, what are your thoughts on data selling?
The data selling industry definitely has to be more regulated, and yes it’s a very huge business which is ongoing and making huge profits now. You are not even aware and your data is being used by the industry.
Talking about a very recent event where the ransomware attack called lapse which gained a lot of popularity after cryptocurrencies came into being. So this attack was at its peak, and had a hall of defame, where giants were threatened that they would leak their data. But they have actually been caught for a few weeks now and we got to know that they were 16-year-old teenagers.
So imagine 16-year-olds coming into the picture and challenging companies who actually sell security!
So knowledge is everywhere. It depends on how you use it, you wanna be the good guy or a bad guy but apparently bad guys are paid more and so the world is altogether unfair.
What is the average salary a beginner gets in the Cyber domain and what is the highest package one can get?
Honestly speaking it all depends on how skilled you are, depending on whether you can actually go ahead in this profession, with the right mindset, and curiosity to keep learning with having the right amount of patience and keen to think differently. Recently the scenario of the cyber industry has also changed as due to pandemic more and more cyber attacks have happened leading to more demand for skilled hackers.
We all start with a basic of 25k per month and lately you get paid highly depending on the organization you choose and you work with. As a freelancer too you’re paid per project and for some that’s a good amount of money.
“No college curriculum is going to prepare you for the industry, it’s all you, how well you”
Any courses or books you would like to recommend related to the Cyber industry that could help individuals gain knowledge?
So if you want to get into hacking, you need to understand how web applications work, so there is a very basic one called ‘web application hacker’, so you can go through that, other than that read books that clear your understanding and help you have the strong fundamentals.
‘Bug crowd’ is another book where a lot of companies are listed there and what bugs you will encounter and should know about.
How do you balance your life & work together? Bestow us with your spiritual experience to balance it out.
Spirituality is a way I keep a balance in my life. Work is anyway insane for me, although I love it. So the more you run away from things the more they come to you, so being a non-technical person I always used to run away from technicalities, but one day it just came to me that it’s just 6 months, let’s see what I can make out of it, let’s give it a try?
And having the right guidance at the right amount of time is also very important, so the aspect of having a guru came into picture in my life.
“There is hard work but there is also luck to have that sort of people in that particular time to guide you”
How to protect yourself on a personal level?
As I always try to make people around me aware, first of all do not click on random links, do not give your same number at all places, do not use public wifi and if you have to use the internet keep your VPN on.
Is there any online website where you can report Cyber crime efficiently?
No, there isn’t one particular regulatory body that is present online but the best person to reach is the cyber police, and as far as I know the Delhi division is really effective and efficient at their work.
How is it for a woman working in a hacking domain? What’s the working environment like?
It’s quite empowering, so when we talk about feminism it’s about equality in terms of opportunity and now we are getting there. And cyber in general does not need just the technical part of it but also soft interpersonal skills are an extra added aspect that’s needed in this domain.
You just can’t compare, men bring in different kinds of flavor on the table whereas women have their side to it so both the genders are equally needed and efficient in this domain in all aspects. It’s a mix of both that brings a balance in the environment.
If one does not get into any of the Big 4 (Deloitte, KPMG, PwC, Ernst & Young), which company can an individual apply to?
I would highly suggest working for a startup as you work on so many different parts, and you are not assigned just one domain or one part of the case. Other than that you should always think about what people you want to work with more than the company, as whatever you are going to learn is from the person or the individual in the company and not just the company.
With that being said, you can work for a product based company where you can be a master of one but at the same time, you can work as a consultant where you can become jack of all trades but master of none.
How do you deal with your bad days?
It’s difficult that you’re in that situation, so I generally call my mom and talk to my family and they generally have more problems than mine, so my problems tend to look smaller (laughs).
Other than that I spend more and more time with people I love so that helps me. Meditation and looking inward, and spending some time alone helps but it’s not the same with everyone. Also meditation is one such thing that has been glorified a lot but it’s not the same for everyone again, you can’t meditate on your own always so seek help for it. You first need to learn how to meditate to feel it. Again the factor of guru coming in your life.