Congratulations to Rodney Adriko, MSc Cyber Security graduate, who won the Chartered Institute of Information Security (CIISec) Student Project of the Year Award!
We caught up with Rodney to find out more about his time at Kent, his plans for the future his award-winning project.
Could you tell us about your experiences studying at Kent?
The world evolved and quickly transitioned to the adoption of technology to accomplish several tasks including home activities like parenting to cooking, educational activities such as online classrooms and exams to more advanced activities such as delivery of essential services like water and power to masses. This, was in part, accelerated by the consequences of the COVID19 pandemic that limited physical interactions and forced many organisations to consider alternative methods of work. However, this uptake of technology has inadvertently presented new avenues of attack that could be exploited by cybercriminals to gain illegal access to key resources which may translate into massive damage and consequences. With this new threat vector and a high number of unfilled cyber security positions, it is evident that there is still a need to have leaders in cybersecurity who will shape the next generation of secure computing. Additionally, there has also been a lot of advancements and regulations relating to privacy of data of individuals processed by data processors/controllers including Uganda that had just signed the Data Protection and Privacy Act of 2019.
As such, the Master of Science in Cybersecurity degree at the University of Kent was just the right for me with modules like Image Analysis through security applications, Computer and Network Security, Cyber Law, Privacy and Cybersecurity that are critical to get a deeper understanding of cybersecurity. In addition, some courses like Privacy and Security and Systems Security were particularly interesting because they allowed me to study key topical items such as cryptography, Random Number Generation and ransomware. Being a centre of excellence for cyber security research (especially ransomware research), the professors provided advanced practical insights and lessons on how to identify, detect and combat ransomware. The course at Kent was also flexible in timing and scheduling and allowed me to attend classes as a full-time student in addition to working as a full-time employee as an Audit Manager at one of the Banks in Uganda. It presented me an opportunity to advance from both a career and education perspective and allowed me to “hit two birds with one stone.” Amidst all the pandemic challenges and tight scheduling, I was able to excel and graduate top of the class with a Distinction and win the Chartered Institute of Information Security (CIISec) Student Project of the Year Award and subsequently, a nomination to the prestigious Fred Piper Award that is given in honour of Professor Fred’s efforts in advancing cybersecurity education.
Could you tell us about your winning project?
The project was not ever a complex one as such. We examined the assertion that cyber insurance promotes cybersecurity best practice by conducting a critical examination of proposal forms to determine how well the current assessment methods adopted by insurers aligned with international standards like the ISO 27001, NIST Cybersecurity Framework and the UK Cyber Essentials. We sought to determine whether the forms had adapted to changes in the market and learnt from lessons presented by previous research. We achieved this by examining the questions posed by insurance providers in their insurance proposal forms which is a self-assessed questionnaire used to assess the applicant’s cybersecurity posture. These questions were then mapped to determine whether the controls examined correspond to a control category in each of the standards. This process allowed us to identify controls that are considered most by insurers and the highly neglected controls.
Our contribution included evidence to strengthen the assertion that adoption of cyber insurance promotes established risk management standards. This was done by identifying controls that are most or least considered by the insurers in their assessment of an applicant’s cyber posture. In addition, we informed the overall insurance process by presenting a set of baseline controls that should be included in all proposal forms to ensure alignment with the three information security frameworks. Finally, we determined whether insurers had adapted to lessons learnt from previous work in cyber insurance and discussed considerations that should be made in the self-assessment and data collection process to improve the overall risk assessment process by insurers. Together with my supervisor, Jason Nurse, we are in the process of converting this project into an academic paper for submission to a journal and will be glad to share it whenver it becomes available to the public.
What are your plans for the future?
Uganda, like any other country in the world is faced with a shortage of cybersecurity professionals that are critical in maintaining economic growth supported by secure technology. My long-term plan is to set up an academy or mentorship program to initiate and train young cybersecurity leaders of the future and encourage more women to join the cybersecurity sector. In addition, the academy will be aimed at teaching the basics of cybersecurity through to advanced topics to ensure that the “protectors of the future” begin horning their skills as early as possible. Uganda’s current education system does not offer many cyber security courses as part of the syllabus with only a limited budget allocated to research and development around cybersecurity. With all the emerging technologies like Blockchain, Artificial Intelligence, Machine Learning and other Financial Technologies coming up, it is crucial that we grow cybersecurity professionals from an early age for them to be able to serve their nation and drive economic growth. This will help to reduce on the shortage of staff in the cyber security space. However, in the immediate term, I have embarked on developing short podcasts on cybersecurity topics of interest to sensitize the public on cybersecurity matters. I also continue to maintain my membership with professional organisations such as the CIISec, ISACA, (ISC) 2 and the IAPP and continue to volunteer to speak at various conferences and make presentations that improve public awareness of the cyber security topic. Most recently, I was a speaker and panellist at the just concluded Africa Commonwealth Cyber Conference of 2021.