Secure System Architecture and Design: Cyber’s Yellow Team
Cyber attacks are increasing year on year, and as malicious hackers get more inventive, so too do cyber security professionals as they work to keep essential digital infrastructure secure.
Due to this, much of cyber defence can be perceived as reactive to the general public. However, a system will hugely benefit from a secure design from the outset rather than relying on retroactive fixes.
Known as the yellow team in cyber professional circles, these are the people with a security first mindset who focus on building a system that is as secure as possible from the outset. Once built, the red team, also known as ethical hackers, stress test the finished system to identify any potential weaknesses so that they can be remedied. It’s vital that the yellow team creates the strongest possible system, as this can determine whether an organisation’s data remains secure when under attack.
As a result, secure system architects are some of the most technical roles in cyber security, suiting candidates that enjoy complex problem solving, as well as good team players who can cooperate with the red and blue teams.
However, being a part of the yellow team isn’t all about building systems with security in mind, it’s also about catching those with malign intentions. This is often done through a ‘honeypot’, or a trap laid to catch hackers. These are sacrificial computer systems intended to attract threat actors, which can provide useful information about their methods when designing stronger systems. It can also distract cyber aggressors from other more important targets, drawing attention away.
Information gained through honeypots can help not only the yellow team in building more secure system architecture, it can also provide useful information for the red and blue teams to understand the methods of cyber criminals.
As social engineering attacks are also on the rise, which involve a perpetrator using manipulative communication tactics to gain information, it can also be the job of the yellow team to educate the workplace on the risks of such communications. This prevents unsuspecting staff members from giving away vital information about the secure system the yellow team have worked to build.
As a specialism, secure system design can lead in many directions. Career progression can look like moving into other developmental roles, secure operations, or cyber security management.
Earlier this year, the Council launched its security testing pilot programme, creating the first opportunity for cyber professionals to become chartered practitioners. Keep an eye on the Council’s website for updates on becoming chartered in secure system architecture and design.
To learn more about careers in cyber’s yellow team, visit: https://www.ukcybersecuritycouncil.org.uk/careers-and-learning/cyber-career-framework/secure-system-architecture-design/