Cybersecurity Graduate, Ez Yiap, Shares His Insights Into His Institute of Data Capstone Project

At the Institute of Data, all our students create a capstone project to highlight the knowledge and talents that they’ve gained through their time with us.

It’s a perfect opportunity for them to get creative with their new skills, apply them in a business situation, and create something they can bring to future job interviews and employment opportunities as proof of their strengths and abilities.

In this write-up, cybersecurity graduate Ez Yiap shares his insights into his capstone project.

Hi Ez, please tell us about your capstone project.

The Institute of Data (IOD) encouraged us to choose a capstone that demonstrated transferrable skills we could bring to the cybersecurity industry and what we had learned in the program. The point of the capstone was also to highlight an aspect of cybersecurity that we enjoy or have in particular interest.

I developed a conceptual framework that organizations, communities, and educational institutions could use to promote cybersecurity influence and advocacy. It is called the S.A.L.E.S. Framework for Cybersecurity. S.A.L.E.S. stands for Stories to Address Learning and Empower Security.  

The framework breaks down each of those five letters into a domain with cybersecurity categories and subcategories that address the use of storytelling to embed a secure culture, foundational cybersecurity concepts, knowledge, awareness, and practical application.

The framework is built on three pillars: 

• Discover: Understanding and connecting people to cybersecurity.
• Deliver: Creating knowledge sharing and accessibility to cybersecurity foundations, concepts, practices, controls, pathways, and people.
• Drive: Navigating a purposeful and empowered journey to a clear cybersecurity culture.

Interesting. How did you come up with the idea?

I entered the world of cybersecurity without prior experience or understanding of it and without a background in information technology (IT).

I found the IOD cybersecurity program incredibly valuable in giving me foundational knowledge and practical job applications.

The more I learned and trained, the more I kept thinking how useful it would have been in so many of my previous jobs and my life in general to know this stuff.

Additionally, undertaking my journey into the cybersecurity industry after a decade working in the travel industry, I was exposed to the juxtaposition of crazy high demand for talent and so many job opportunities but also the challenge of landing a job.

I began to realize there are certain industry and recruiting stigmas, as well as an overwhelmingly outdated organizational culture of where cyber security fits into the picture of business and education.

So, I figured why not use my capstone project to bring a fresh attitude and perspective and take on how we can use the strongest bond of community – storytelling – to drive a new kind of cybersecurity culture.

That shows great initiative. Where and how did you find the data?

I had quite the journey of digging up the data to build my capstone project.

It really evolved as I built out the framework, and bits and pieces of the concept and varying inspirations came together.

I had anecdotal evidence about the cybersecurity resources talent gap, maturity in organisations, and the gap in education/awareness. But then I had to find the research and evidence to back that up. It required plenty of online research via educational institutions, government publications, news articles, publications/blogs/posts from recruiters, industry experts and more.

To push my capstone from being just a nice idea into an actual practical working platform, I looked to existing cybersecurity and information security frameworks, standards and guidelines. I found inspiration in the NIST Cybersecurity Framework (CSF) publication as a way to holistically model the S.A.L.E.S Framework.

This meant my framework could be used by pretty much anyone or any entity in either full, limited or focused capacity.

Further, providing flexibility and encouraging adaptability was something important to the audience that came out of my research.

Did you have any challenges along the way?

The biggest challenge was probably breaking down the five functions into fifteen categories and then a further thirty-nine subcategories. On top of that, having to build out the description and examples of all of those to create clear, practical application and instruction for the implementation of the framework.

Developing the concept of the S.A.L.E.S. framework also found me met with challenges such as whether to target a specific demographic or audience versus keeping the framework broad and generic. 

Lastly, part of the challenge was to hold back and not get too carried away because it truly could be professionally developed, and I didn’t have the resources to take it that far.

How did you overcome those challenges?

In breaking down the framework, I had to persist with an extensive examination of how existing frameworks work and how they are utilized and implemented.

[su_quote]I talked to peers, my IOD trainer, and friends objectively removed from cybersecurity to get input and run ideas by them.[/su_quote]

I did have to remind myself that the capstone is intended to be demonstrative and proof of concept, so it is okay to work within a certain scope and take it only so far.

As a cybersecurity graduate, how would you approach it differently in an industry setting?

In my case, the capstone project being a cultural framework, there isn’t really something that I would do differently in applying it within a job.

The framework presentation provides a long list of use cases and how to implement it, including an eight-step guide.

To bring this into existence as part of a cybersecurity job, I would follow that implementation and work on understanding the scope, purpose, and goals of the organization I was working with or for.

What was the end result of your project?

The end result was that I was able to reinforce the Cybersecurity Program’s content that I’d learned through the project as well as demonstrate a way to use my knowledge and skillset practically and professionally.

The project affirmed for me that one of the transferrable and much-needed strengths I bring to the cybersecurity industry is knowledge and experience in creating a culture to drive organizational change.

In my introduction to studying cybersecurity, I picked up the principle of cybersecurity needing to support the organisation’s goals.

For me, this means that unless you build a cybersecurity program and journey on a strong, well-defined culture, you won’t ever fully utilize cybersecurity to push the organization forward.

Was there a specific person who helped you along the way?

My IOD trainer, Michael Choeng, was very supportive and helpful in finalizing my capstone project.

Working in a cohort with like-minded students was great to bounce ideas off and help validate my direction in the project.

Connect with Ez on LinkedIn for more on his capstone presentation, hacking his way into the cybersecurity industry and experience with the Institute of Data.

If you would like to learn more about what is taught in the Institute of Data’s Cybersecurity Programs, download a Cybersecurity Course Outline.