At the Institute of Data, all our students create a capstone project to highlight the knowledge and talents that they’ve gained through their time with us. It’s a perfect opportunity for them to get creative with their new skills, apply them in a business situation and create something that they can bring with them to future job interviews and employment opportunities, as proof of their strengths and abilities.
Here, Cyber Security graduate Ez Yiap shares his insights into his own capstone project. Read on to find out how he went.
Tell us about your capstone project.
Institute of Data (IOD) encouraged us to choose a capstone that demonstrated both transferrable skills we could bring to the cyber security industry and what we had learned in the course. The point of the capstone was also to highlight an aspect of cyber security that you enjoy or have a particular interest in.
I chose to develop a conceptual framework that organisations, communities and educational institutions could use to promote cyber security influence and advocacy. It is called the S.A.L.E.S Framework for Cyber Security. That stands for Stories to Address Learning and Empower Security.
The framework breaks down each of those five letters into a domain with cyber security categories and subcategories that address the use of storytelling to embed a secure culture, foundational cyber security concepts, knowledge, awareness and practical application.
The framework is built on three pillars:
- Discover: Understanding and connecting people to cyber security.
- Deliver: Creating knowledge sharing and accessibility to cyber security foundations, concepts, practices, controls, pathways and people.
- Drive: Navigating a purposeful and empowered journey to a clear cyber security culture.
How did you come up with the idea?
I entered the world of cyber security without prior experience or understanding of it and without a background in information technology (IT). I found the IOD cyber security program incredibly valuable in giving me foundational knowledge and practical job applications. The more I learned and trained, the more I kept thinking how useful it would have been in so many of my previous jobs and life in general to know this stuff.
Additionally, undertaking my journey into the cyber security industry after a decade working in travel, I was exposed to the juxtaposition of crazy high demand for talent, so many job opportunities but also the difficulty of landing a job. I began to realise there are certain industry and recruiting stigmas, as well as an overwhelmingly outdated organisational culture of where cyber security fits into the picture of business and education.
So, I figured why not use my capstone project to bring a fresh attitude, perspective and take on how we can use the strongest bond of community – storytelling – to drive a new kind of cyber security culture.
Where and how did you find the data?
It was quite the journey of digging up the data to build my capstone project. It really evolved as I built out the framework and bits and pieces of the concept and varying inspirations came together. I had anecdotal evidence about the cyber security resources talent gap, maturity in organisations and the gap in education/awareness but then had to find the research and evidence to back that up. It required plenty of online research via educational institutions, government publications, news articles, publications/blogs/posts from recruiters, industry experts and more.
To push my capstone from being just a nice idea into an actual practical working platform, I looked to existing cyber security and information security frameworks, standards and guidelines. I found inspiration in the NIST Cybersecurity Framework (CSF) publication as a way to holistically model the S.A.L.E.S Framework. This meant it could be used by pretty much anyone or any entity in either full, limited or focused capacity. Providing flexibility and encouraging adaptability was something important to the audience that came out of my research.
What challenges did you have along the way?
The biggest challenge was probably breaking down the five functions into fifteen categories and then a further thirty-nine subcategories. On top of that, having to build out the description and examples of all of those to create clear, practical application and instruction for the implementation of the framework.
Developing the concept of the S.A.L.E.S. framework also found me met with challenges such as whether to target a specific demographic or audience versus keeping the framework broad and generic.
Lastly, part of the challenge was to hold back and not get too carried away because it truly could be professionally developed, and I didn’t have the resources to take it that far.
How did you overcome those challenges?
In breaking down the framework, I had to persist with lots of examination of how existing frameworks work and how they are utilised and implemented. I talked to peers, my IOD trainer and also friends objectively removed from cyber security to get input and run ideas by them.
I did have to remind myself that the capstone is intended to be demonstrative and proof of concept, so it is okay to work within a certain scope and take it only so far.
How would you do the project differently if it was within the context of an industry setting for a job?
In my case, the capstone project being a cultural framework, there isn’t really something that I would do differently in applying it within a job. The framework presentation provides a long list of use cases and how to implement it, including an eight-step guide.
To bring this into existence as part of a cyber security job, I would follow that implementation and work on understanding the scope, purpose and goals of the organisation I was working with or for.
What was the end result?
The end result was that I was able both to reinforce the IOD cyber security program content I’d learned through the project and to demonstrate a way to use my knowledge and skillset practically and professionally.
The project affirmed for me that one of the transferrable and much-needed strengths I bring to the cyber security industry is knowledge and experience in creating a culture to drive organisational change. In my introduction to studying cyber security, I picked up the principle of cyber security needing to support the organisation’s goals. For me, this means that unless you build a cyber security program and journey on a strong, well-defined culture, you won’t ever fully utilise cyber security to push the organisation forward.
Who helped along the way?
My IOD trainer Michael Choeng was very supportive and helpful in finalising my capstone project. Working in a cohort with like-minded students was great to bounce ideas off and help validate my direction in the project.
Connect with Ez on LinkedIn for more on his capstone presentation, hacking his way into the cyber security industry and experience with the Institute of Data.