This week, Dr. Dalal Alharthi, an Assistant Professor in the Cyber, Intelligence, and Information Operations Department at the University of Arizona, joins us to talk about the importance of organizations anticipating a breach and why you should see the world through the eyes of an attacker.
This week, Dr. Dalal Alharthi, an Assistant Professor in the Cyber, Intelligence, and Information Operations Department at the University of Arizona, joins us to talk about the importance of organizations anticipating a breach and why you should see the world through the eyes of an attacker.
Megan Garza: [00:00:00] Welcome to Speed Data. Quick conversations with cybersecurity leaders. I'm your host, Megan Garza. This morning, I'm joined by Dr. Dalal Alharthi, Assistant Professor of Cybersecurity at the University of Arizona.
Megan Garza: Welcome to the show, Dalal.
Dalal Alharthi: Thank you for having me, Megan.
Megan Garza: Dalal earned her PhD in Computer Science from the University of California, Irvine, and has a diverse background that spans both industry and academia. She previously held positions as a Cloud Security Engineer at Farmers Insurance, a Resident Engineer at Palo Alto Networks, and a Prisma Cloud Consultant at Dell. Currently, she serves as an assistant professor in the Cyber, Intelligence, and Information Operations department at the University of Arizona.
Megan Garza: Dalal holds two master's degrees, one in Management and one in Computer Science, and she has earned professional certifications, including AWS Cloud Solutions Architect. Dalal, you studied programming in Saudi [00:01:00] Arabia before moving to the States in 2015. What was the biggest difference in information technology between the two countries?
Dalal Alharthi: so studying and working in the information technology field in Saudi Arabia, uh, and then transitioning to study and work in the field in the United States, allowed me to understand the global landscape of, uh, the field of information technology. so there are some differences and similarities, in the field between the two countries, but example, in Saudi Arabia, There is a strong emphasis on digital transformation through government initiatives.
Dalal Alharthi: and also there is an emphasis on the advancement of government services, uh, to align with Vision 2030 plan that we have in Saudi Arabia. while in the United States, it's a much, diverse and, much larger tech industry that we have here. one of the greatest emphasis might be on, uh, businesses and private sector innovations.
Megan Garza: And what do [00:02:00] you foresee as the biggest threat or risk to cybersecurity on the horizon?
Dalal Alharthi: so we always say, that human awareness and social engineering might be one of the biggest risks. Uh, in the field of cybersecurity. and that's why even, big tech companies that have the best technical security toolkits in place might be targeted by successful cyberattacks because of, the lack of human awareness, uh, when it comes to cyber threats or cybersecurity.
Dalal Alharthi: So that will remain, um, one of the biggest threats that we have, of course, in addition to, uh, some other threats like misconfiguration or vulnerabilities that may remain. unnoticed for a period of time. that's why our goal in the cyber security field is to reduce the time between having vulnerability and discovering these vulnerabilities.
Dalal Alharthi: But overall, a human factor plays a significant role in the cyber threats in the field.
Megan Garza: [00:03:00] Yeah. And what made you want to go into
Dalal Alharthi: the field of cybersecurity is in the intersection between many fields or many majors that are really close to, to my interest and to my academic background as well. So I would say that cybersecurity is in the intersection between computer science, software engineering, management, psychology, and many other fields which aligns with my interest.
Dalal Alharthi: It's continuous evolution and challenges of the field that made me interested in contributing to that field and in being part of that field.
Megan Garza: And what do you think is the most important thing to remember when working in cybersecurity?
Dalal Alharthi: One of the things is that we don't have any system that is 100 percent secure. Everything is vulnerable once it's in the cyber world. But our goal, again, is to reduce the time between having these vulnerabilities and patching or remediating these vulnerabilities.
Dalal Alharthi: there are two key [00:04:00] things, to remember when working in the field.
Dalal Alharthi: One of them is, continuous education, it's really significant because every day there's new tools, there's new methodology, there's new techniques, so we have to always keep up to date, to build the best or the most effective defense strategy. and also, when we work in the field, we work with, really critical tools.
Dalal Alharthi: Um, so keeping in mind ethical and legal consideration when working with these tools is something really important.
Megan Garza: And you mentioned vulnerabilities and protecting against cyber threats. In your opinion, what is the best way to defend against a cyber attack?
Dalal Alharthi: the best way, of course, is to be prepared. And to expect that you might have cyberattacks either on the individual level or on the organization level or even on a larger level or on the nation's level. but it's really significant to be prepared and that's why one of the things that we will be tasked To prepare when we work in the field [00:05:00] is the incident response runbook, where we imagine different scenarios, like if we were targeted by a ransomware, what we will do, what tools we will use, and, are we prepared to recover from, uh, these incidents?
Dalal Alharthi: And same thing implies on other incidents. So, of course, being prepared is something really important. also. Being aware of the new threats and, uh, reading about the field, listening to podcasts in the fields is something really important as well. In addition to, of course, making sure that both technical firewalls and human firewalls are enabled and also updated.
Megan Garza: And because you help shape the future minds of tech, can you share one thing that you wish future cybersecurity professionals knew?
Dalal Alharthi: absolutely. So, to all future, uh, cybersecurity professionals, I think it's really important to, think about cybersecurity from the cyberattacker's perspective or from the cyberattacker's mindset, [00:06:00] and that's the best way to be able to build investment. that defense strategy based on that. So that's why in the field we have, some frameworks like Cyber Kill Chain or MITRE ATT& CK where we focus on the steps that the cyber attackers take.
Dalal Alharthi: And then our goal is to disrupt this chain as early as possible, our defense strategy based on that. Um, so that's one thing. And also... uh, it's really important, of course, to, build a structured learning, um, curriculum, for themselves. So, and the best way to do that might be, uh, looking at different job titles where they will allow them to see the difference between the job titles and the requirements that they can prepare based on, um, and also we have nice framework that will, um, Let them understand the knowledge and skills that they need, for each job title that will [00:07:00] help them to, to build their own customized curriculum based on that.
Megan Garza: Because you want to make sure that a student's talents align with the role that they're interested in.
Dalal Alharthi: Exactly, yeah.
Megan Garza: Lastly, if you weren't teaching in cybersecurity, what do you think you'd be doing?
Dalal Alharthi: so I think I'll be doing something that might be close. to what I'm doing currently. So my work currently is to, is related to, digital forensics and the cloud. So that's one of the core things that I'm doing. And if I'm not doing that, or I'm not doing cybersecurity, I think I will be doing some, uh, investigative work, uh, in the cyber crime or, um, something related to that field.
Megan Garza: you can tell that it's a passion of yours.
Dalal Alharthi: Thank you.
Megan Garza: Well, thank you for your time today, Dalal. It's greatly appreciated. And as always, if our audience has any questions they would like asked during a future Speed Data episode, please email me at PR@Varonis.com thank you, Dalal.
Dalal Alharthi: Thank you, [00:08:00] Megan.