October is Cybersecurity Awareness Month. All month long, ITS News will highlight this year’s theme: See yourself in cyber. In this article, seeing yourself in cyber means seeing the possibilities for careers in cybersecurity. To learn more about other ways to see yourself in cyber, visit Safe Computing at UNC.
Hasan Asadi, a Security Delivery Senior Analyst at Accenture, got his start in cybersecurity as an intern in the ITS Information Security Office. We caught up with him to see how his years in the Information Security Office prepared him for a career in cybersecurity.
Hasan Asadi
Title: Security Delivery Senior Analyst at Accenture
Town of residence: Raleigh
Education: Bachelor of Science, Computer Science & Information Science, UNC-Chapel Hill, May 2020. He expects to earn a Masters of Science in cybersecurity from New York University in May 2023.
Dates of internship at ITS Information Security Office: August 2017 to May 2020
What do you do as Security Delivery Senior Analyst at Accenture?
I work directly with clients in a security operations and engineering role. I provide overall event monitoring and daily security operations efforts while also interacting with development teams to meet application security standards in an engineering perspective. Also, I often provide internal assessments which are converted to tasks for development sprints to improve the security state of the client’s product and meeting any frameworks the clients want to abide by in their software.
How did your internship at the Information Security Office prepare you for your career in cybersecurity?
The Information Security Office prepared me for my career by teaching me a valuable principle: security isn’t just about what you learn in class. Its about how its applied in a real-world setting and how the user takes advantage of it. This means that often you’ll have to get your hands dirty, do the research, and apply that to your work by either designing something new or integrating something pre-made.
That’s something we’ve done at ITS where we’ve changed our password complexity settings and verification application to integrate open-source metrics in determining what a “secure” password is. This was done by researching the options available in the industry and determining their benefits for the University. Make no mistake, education gives you the necessary fundamentals to get the job done but expect to research and have a “just do it” attitude because at the end of the day, you’re a problem solver. Sometimes there isn’t an instruction manual, and you’ll just have to figure it out using the fundamentals you’ve learned.
What do you enjoy or find meaningful about working in cybersecurity?
You’re protecting people’s data. It could be yours, your family’s, your neighbors or a stranger’s data. You’re doing important work.
What do you wish UNC students, staff or faculty understood about cyber threats or cybersecurity?
To get to the best state of security, we must realize that security is not a separate effort, idea or team in application development. Security should be a part of the development team itself. Creating this separation of teams only makes it more difficult to defend the application as it adds extra steps in development instead of integrating security into the product.
What are the current cybersecurity risks that have your attention?
My biggest concern is dated packages. Think of the Log4Shell vulnerability. That is only one of many important packages from years ago that is heavily in use. Packages that haven’t been given though to security and ones many large networks use today, especially in government on a federal, state, local and territorial level. This presents massive risk as we are depending on dated code that hasn’t gone through security review because a decade ago security wasn’t the important factor as it is today.
You’re currently working on a master’s degree. What inspired you and what will your specialty be?
I knew I wanted to continue my education and specialize, but I was stuck between an MBA or a cybersecurity masters. My choice ended up being the cybersecurity masters because not only did it focus in on the industry, but also allowed me to get more technical and engineering focused, which is where I wanted my career to go. I get to take classes in application security, network security, offensive operations, mobile security, etc., which all are exciting courses! I’ll end the program with a Master of Science in cybersecurity with both my CAE-Cyber Defense acknowledgement and CAE-Cyber Operations acknowledgement with my specialty being in cyber operations.
Interested in student employment with ITS? Use JobX to search and apply for roles with the Information Security Office and other ITS units. Learn more about jobs in different ITS divisions and hear from students about how they gained real-world experience, new skills and grew their professional network.