Cyber Security Graduate, Ez Yiap, Shares His Insights Into His Institute of Data Capstone Project

Cyber Security Graduate, Ez Yiap, Shares His Insights Into His Institute of Data Capstone Project

Stay Informed With Our Weekly Newsletter

Receive crucial updates on the ever-evolving landscape of technology and innovation.

By clicking 'Sign Up', I acknowledge that my information will be used in accordance with the Institute of Data's Privacy Policy.

At the Institute of Data, all our students create a capstone project to highlight the knowledge and talents that they’ve gained through their time with us.

It’s a perfect opportunity for them to get creative with their new skills, apply them in a business situation, and create something they can bring to future job interviews and employment opportunities as proof of their strengths and abilities.

In this write-up, cyber security graduate Ez Yiap shares his insights into his capstone project.

Hi Ez, please tell us about your capstone project.

The Institute of Data (IOD) encouraged us to choose a capstone that demonstrated transferrable skills we could bring to the cyber security industry and what we had learned in the program. The point of the capstone was also to highlight an aspect of cyber security that we enjoy or have in particular interest.

I developed a conceptual framework that organisations, communities and educational institutions could use to promote cyber security influence and advocacy. It is called the S.A.L.E.S. Framework for Cyber Security. S.A.L.E.S. stands for Stories to Address Learning and Empower Security.  

The framework breaks down each of those five letters into a domain with cyber security categories and subcategories that address the use of storytelling to embed a secure culture, foundational cyber security concepts, knowledge, awareness and practical application.

The framework is built on three pillars: 

  • Discover: Understanding and connecting people to cyber security.
  • Deliver: Creating knowledge sharing and accessibility to cyber security foundations, concepts, practices, controls, pathways and people.
  • Drive: Navigating a purposeful and empowered journey to a clear cyber security culture.

Interesting. How did you come up with the idea?

I entered the world of cyber security without prior experience or understanding of it and without a background in information technology (IT).

I found the IOD cyber security program incredibly valuable in giving me a foundational knowledge and practical job applications.

The more I learned and trained, the more I kept thinking how useful it would have been in so many of my previous jobs, and my life in general, to know this stuff.

Additionally, undertaking my journey into the cyber security industry after a decade working in the travel industry, I was exposed to the juxtaposition of crazy high demand for talent, and so many job opportunities but also the chellenge of landing a job.

I began to realise there are certain industry and recruiting stigmas, as well as an overwhelmingly outdated organisational culture of where cyber security fits into the picture of business and education.

So, I figured why not use my capstone project to bring a fresh attitude, perspective and take on how we can use the strongest bond of community – storytelling – to drive a new kind of cyber security culture.

That shows great initiative. Where and how did you find the data?

I had quite the journey of digging up the data to build my capstone project.

It really evolved as I built out the framework, and bits and pieces of the concept and varying inspirations came together.

I had anecdotal evidence about the cyber security resources talent gap, maturity in organisations, and the gap in education/awareness. But then I had to find the research and evidence to back that up. It required plenty of online research via educational institutions, government publications, news articles, publications/blogs/posts from recruiters, industry experts and more.

To push my capstone from being just a nice idea into an actual practical working platform, I looked to existing cyber security and information security frameworks, standards and guidelines. I found inspiration in the NIST Cybersecurity Framework (CSF) publication as a way to holistically model the S.A.L.E.S Framework.

This meant my framework could be used by pretty much anyone or any entity in either full, limited or focused capacity.

Further, providing flexibility and encouraging adaptability was something important to the audience that came out of my research.

Did you have any challenges along the way?

The biggest challenge was probably breaking down the five functions into fifteen categories and then a further thirty-nine subcategories. On top of that, having to build out the description and examples of all of those to create clear, practical application and instruction for the implementation of the framework.

Developing the concept of the S.A.L.E.S. framework also found me met with challenges such as whether to target a specific demographic or audience versus keeping the framework broad and generic. 

Lastly, part of the challenge was to hold back and not get too carried away because it truly could be professionally developed, and I didn’t have the resources to take it that far.

How did you overcome those challenges?

In breaking down the framework, I had to persist with an extensive examination of how existing frameworks work and how they are utilised and implemented.

I talked to peers, my IOD trainer, and friends objectively removed from cyber security to get input and run ideas by them.

I did have to remind myself that the capstone is intended to be demonstrative and proof of concept, so it is okay to work within a certain scope and take it only so far.

As a cyber security graduate, how would you approach it differently in an industry setting?

In my case, the capstone project being a cultural framework, there isn’t really something that I would do differently in applying it within a job.

The framework presentation provides a long list of use cases and how to implement it, including an eight-step guide.

To bring this into existence as part of a cyber security job, I would follow that implementation and work on understanding the scope, purpose and goals of the organisation I was working with or for.

What was the end result of your project?

The end result was that I was both able to reinforce the Cyber Security Program’s content that I’d learned through the project as well as demonstrate a way to use my knowledge and skillset practically and professionally.

The project affirmed for me that one of the transferrable and much-needed strengths I bring to the cyber security industry is knowledge and experience in creating a culture to drive organisational change.

In my introduction to studying cyber security, I picked up the principle of cyber security needing to support the organisation’s goals.

For me, this means that unless you build a cyber security program and journey on a strong, well-defined culture, you won’t ever fully utilise cyber security to push the organisation forward.

Was there a specific person who helped you along the way?

My IOD trainer Michael Choeng was very supportive and helpful in finalising my capstone project.

Working in a cohort with like-minded students was great to bounce ideas off and help validate my direction in the project.

Connect with Ez on LinkedIn for more on his capstone presentation, hacking his way into the cyber security industry and experience with the Institute of Data.

If you would like to learn more about what is taught in the Institute of Data’s Cyber Security Programs, download a Cyber Security Course Outline. 

Share This

Copy Link to Clipboard