As a leading cybersecurity consultant, Jenelle Davis has helped protect more than 60 Fortune 500 organizations from a host of online threats. In addition to her work in practicum, she also shares her knowledge of network vulnerabilities in a variety of education settings, including Harvard University Extension School.
Davis is new to teaching at UC Berkeley Extension, but brings a wealth of online security knowledge to the online class Introduction to Cybersecurity, an elective in the Certificate Program in Software Development and Programming.
How did you become a cybersecurity expert?
I started out working in security by accident in 2000. I provided help-desk support for an institution of higher learning that was experiencing a large amount of network abuse and piracy. Eventually, that led to the implementation of an ad-hoc security policy, network abuse monitoring and host revocation. A few years later, I had the pleasure of working at a major telecommunications company in its Security Operations Center (SOC), which was experiencing similar network patterns. After this I served as a lead security consultant for a security consultancy and telecommunications company.
Is there a defined path of languages or set of protocols that you studied, or is it more that you pursued an interest toward a specialty?
There is no defined path of languages or set protocols that I studied initially. Cybersecurity is a pervasive field of study because it affects every aspect of cyber operations. In hindsight, having a solid programming and scripting background is useful for honing in on application security. Similarly, having sound network experience is helpful for segueing into network security. As we transition into the Internet of Things, I anticipate subject matter experts in mobility and cloud computing will also need sound cybersecurity expertise.
I have a strong passion for security evangelism and ensuring industry has a competent workforce to mature the implementation of cybersecurity across industry verticals.
Can you talk a bit about the firm you established, DTG, LLC?
DTG, LLC is a technology solution consulting organization that provides curriculum development, training and software testing services.
What prompted this entrepreneurial move?
After completing my master's degree and obtaining several cybersecurity certifications, I began getting requests to develop curriculum for certification bodies, institutions of higher learning, professional development organizations and publishers. I have a strong passion for security evangelism and for ensuring industry has a competent workforce to mature the implementation of cybersecurity across industry verticals.
It looks like you're a lifelong learner. In addition to your formal degrees, you have numerous certifications. What effect has gaining these certifications had on your skill set and career?
Formal degrees are helpful in providing broad baseline knowledge of a subject area. Certifications and professional development are essential in providing ongoing specialized acumen within a subject area. Gaining cybersecurity certifications can provide a good level-setting for assessing one's applied knowledge in cybersecurity. From a career perspective, cybersecurity certifications can assist in verifying your competency and ability to acquire new knowledge on emerging trends.
What led to your interest in teaching?
As mentioned earlier, I have a strong passion for security evangelism. The best teacher is definitely a lifelong learner. Teaching allows me to help develop and mature a competent workforce while also continuously refining my knowledge and research interests.
Do you have experience in trying to prevent systems and computer attacks?
Throughout my career, I had the privilege of assessing hundreds of networks and applications. Many production applications still implement legacy code that contains little to no native or ancillary security mechanisms. Similarly, modern applications have improved. Many, however, are still prone to classical vulnerabilities such as insufficient transport encryption and cross-site scripting. The response to these incidents includes proper management notification with specific mitigation techniques.
Are there specific languages or skills that someone should master if they are planning to get into the cybersecurity field?
First, if you are interested in cybersecurity you should ask yourself what specific area—such as application, mobile, network, cloud, policy, etc.—of cybersecurity you are most interested in. Based on that, I'd recommend honing in on programming languages specific to that area. For application security: Java and .NET. For mobile security: Java, Objective-C and Swift. For network security: C, Python and Perl scripting languages. For cloud security: C++, Python, Java and Ruby.
Online security threats have been around for a long time. From the I Love You virus to ransomware. What are the top three threats facing computer and network users?
The top three threats will center on application and mobile security. These include inadequate data validation, insecure data storage and inadequate authentication mechanisms.
Inadequate data validation can lead to a variety of exploits including injection, brute force, SQL injection and cross-site scripting, to name a few.
Insecure data storage occurs when data at rest is not encrypted or is encrypted with a broken algorithm. This can, and has, led to data breaches from an application, network, cloud and wireless perspectives.
Inadequate authentication mechanisms occur when there is little to no sound verification on the identity of a subject or a host that is requesting access. This can, and has also led to, data breaches across cybertechnologies.
Jenelle Davis, M.S., CISSP, is a cybersecurity instructor and consultant, and the proprietor of DTG, LLC. Davis has worked in cybersecurity for more than 15 years as a lead security consultant and practitioner. She has served as an instructor of cybersecurity and computer science for over 10 years at institutions of higher learning including Harvard University Division of Continuing Education and Brandeis University. Her expertise includes application security, mobile security, network security and information assurance. In addition to the CISSP, Davis holds CSSLP, CISM and CISA certifications.