We believe that the world is more connected than ever, and with the addition of evolving attack surfaces, the priorities of CISOs and CIOs are changing as they revamp their security programs to mitigate these threats. Today, we are honored to introduce our esteemed guest, Tas Jalali, the Head of Cybersecurity at AC Transit, to discuss the state of the industry as well as the latest security trends. Let’s get started.
1. What are your thoughts on AI botnet attacks on enterprises, and what can organizations do to protect themselves?
AI botnet attacks pose a growing threat to enterprises by leveraging AI algorithms to enhance their scale and sophistication, making them more challenging to detect and prevent. Such attacks can cause significant financial and reputational damage to organizations. To protect against such attacks, enterprises must adopt a multi-layered cybersecurity approach. This should include measures such as regular vulnerability assessments, security training for employees, implementation of secure coding practices, and deployment of security technologies like firewalls, intrusion detection systems, and advanced End Point Detection and Response (EDR) software. Moreover, organizations can leverage AI and machine learning technologies to monitor network traffic and identify abnormal behavior in real-time, thereby enabling quick responses to potential threats. Ultimately, defending against AI botnet attacks demands the implementation of robust cybersecurity measures and advanced technologies to minimize risks and limit adverse impacts on the enterprise.
2. What are the current cybersecurity technologies market opportunities, and what do you think will be the trend in 2024?
The cybersecurity technology market has been expanding rapidly in recent years due to the increasing frequency and severity of cyber threats. Some of the current market opportunities include cloud-based security solutions, AI and machine learning-powered security tools, and next-generation firewalls. Additionally, there is a growing demand for solutions that can protect against advanced threats like ransomware and supply chain attacks.
Looking ahead to 2024, it is likely that the cybersecurity market will continue to grow as more organizations become aware of the importance of securing their digital assets. The trend towards cloud-based solutions and AI-powered technologies is expected to continue, and there may be an increased emphasis on cybersecurity automation and orchestration. Additionally, with the rise of the Internet of Things (IoT), there may be a greater need for specialized security solutions that can protect against IoT-specific threats.
3. How was your experience at Harvard? What are the must-haves in a cybersecurity course curriculum that learners should keep an eye out for when choosing to further their cybersecurity learning journey?
My experience as a Harvard alumnus was both transformative and challenging, with the university’s rigorous academic environment, diverse student body, and opportunities for intellectual and personal growth being defining features. The education I received at Harvard has helped me achieve academic excellence and personal growth and fostered lifelong connections.
4. What’s the most formidable challenge you’ve faced in your career as the Head of Cybersecurity for AC Transit?
As the Head of Cybersecurity of AC Transit, I continually face the formidable challenge of balancing the need for robust security measures with the organization’s business objectives and operations. This includes identifying and prioritizing potential security risks, developing and implementing security strategies and policies, and overseeing the deployment of security technologies and solutions. Staying up-to-date with the constantly evolving cybersecurity landscape is crucial to proactively anticipating and mitigating potential threats while managing incident response and recovery efforts in the event of a breach.
To maintain the security posture, effective communication with both the executive team and employees has been crucial in ensuring their understanding of the significance of cybersecurity and their respective roles. However, the field of cybersecurity is currently experiencing a shortage of skilled professionals who possess the knowledge and expertise to protect organizations from cyber threats.
The rising number of cyber-attacks has significantly increased the demand for cybersecurity professionals. According to CompTIA’s “State of the Tech Workforce Report” (March 2023), the projected growth for tech jobs is 242%. The shortage of skilled cybersecurity professionals has made it challenging for us to fill and retain cybersecurity positions, given that professionals in this field receive many lucrative job offers from various companies.
5. What tips would you like to give aspiring ethical hackers and cybersecurity career starters?
Starting a career in cybersecurity can be challenging, but with the right mindset and approach, it is achievable. Here are some tips to help aspiring ethical hackers and cybersecurity career starters:
First, it is important to have the right education and certifications. A degree in computer science, IT, or a related field is a good start, and obtaining certifications such as the C|EH, CISM, or CISSP can demonstrate your knowledge and expertise to potential employers.
Second, having a strong foundation in IT and programming is essential for success in cybersecurity. Familiarizing yourself with programming languages like Python, C++, and Java can be helpful in understanding and addressing cybersecurity issues.
Third, gaining practical experience is crucial in the cybersecurity field. Participating in CTF competitions, bug bounty programs, or internships can provide valuable hands-on experience and help you build your skills.
Fourth, staying up-to-date with the latest cybersecurity trends and threats is essential. Subscribing to industry publications, attending conferences and events, and joining cybersecurity communities can keep you informed and help you stay ahead of the curve.
Finally, developing strong communication skills is important for cybersecurity professionals, as they often need to communicate technical information to non-technical stakeholders. Effective communication can help you convey security risks and strategies to colleagues and executives. By following these tips, aspiring ethical hackers and cybersecurity career starters can build a solid foundation for a successful career in cybersecurity.
6. How has Elethia shaped your experiences as a cybersecurity professional?
Contributing to Elethia has enabled me to exhibit my dedication towards social responsibility and community engagement, showcasing my commitment towards corporate social responsibility. By volunteering with Elethia, I have been able to develop essential traits such as leadership skills, a strong work ethic, and a willingness to go above and beyond the call of duty.
Moreover, Elethia has provided me with invaluable opportunities for personal and professional development. Through my volunteer work, I have been able to work on meaningful projects, build my leadership skills, and gain experience in areas outside of my regular job responsibilities. These experiences have been instrumental in my personal growth and have contributed to making me a well-rounded professional.
7. What drove you into the field of cybersecurity, and what is the one message you would like to share with our readers based on your professional experience in the field?
I have been working in the cybersecurity field for the last 17 years, and here are some insights that your readers might find useful. My interest in technology and problem-solving skills, as well as the desire to make a positive impact, have been the driving factors for me.
To succeed in cybersecurity, staying up-to-date with trends and continuously learning is crucial. Practical experience through internships or bug bounty programs can develop skills necessary for real-world scenarios. Strong communication skills are also critical, as cybersecurity professionals must communicate technical information to non-technical stakeholders.
The rapidly evolving landscape of Cloud, IoT, 5G, and OT is attracting non-security professionals to learn about cyber risks. Stakeholders and policymakers are working towards a more secure future, with new opportunities for improvement in 2023. To enhance cyber resilience and prepare for the future, it’s crucial to embrace transformative technologies such as AI, ML, and IoT, and adapt to the changing landscape.
About the Author
Head of Cybersecurity, AC Transit
Tas is an accomplished cybersecurity leader with 17+ years of experience in startups and Fortune 500 companies. He specializes in risk-based Information Security programs, Compliance, and Privacy, aligning security with business strategies. Tas has led security teams, developed secure products, managed technology risk, and achieved regulatory compliance. He has consulted for Fortune 500 companies, improving their security strategies and risk management. Tas is the head of cybersecurity at AC Transit and holds a BS in Engineering and a Master’s (ALM) from Harvard University.