Muhammad’s father was a software engineer. So, as young gamers, he and his brother saw nothing unusual in designing cheats for computer games, never realising that this was basic hacking. “We would read memory values from a game and then change how much money or health we had. At that age, I think I was just curious and wanted to understand how things work, but the seed was planted.”
Today, after following in his father’s footsteps and gaining a degree in software engineering and a masters in cybersecurity, Muhammad Rezqi is using that same insatiable curiosity to lead Canon EMEA’s Cyber Security Incident Response Team. However, it’s only when you dig into the detail that you understand quite how important and, dare we say it, cool his job is.
Because he and his team are digital detectives. When cyberattacks take place, they are the ones piecing together exactly what happened, collecting evidence and seeking answers. They want to know every detail – how, what and why – not only to try and find out who is responsible but, more importantly, to make sure it doesn’t happen again.
However, there’s a good chance that you had no idea such people exist and that’s because it’s a world which operates very much under the radar, for very good reason. “Because incident response deals with active attacks, most of what we do can’t be shared publicly,” he explains. “Cybersecurity is also quiet by design – people generally only know about us when something has gone wrong. So, if we’re not around then things are going just fine.” However, this doesn’t mean that he and his team are mostly kicking back and relaxing, then dramatically swooping in during times of crisis – far from it. The truth is, they must be ready to leap into action, round the clock, at a moment’s notice. And this is very much a full-time job.
Muhammad (centre) enjoys a team activity day. © Neil King
To start with, to be as effective as possible, they need a strong security baseline from the off – and it has to be continually maintained. “There’s no finish line for this,” stresses Muhammad. “It’s something that needs constant attention.” This is what he considers the first of three cybersecurity priorities for any organisation, the second of which is readiness, “making sure that we have clear, instant response procedures, highly trained teams and excellent tools. Again, this is constant, as we must make sure that everyone knows precisely what to do should an incident happen.”
The third, however, may come as something of a surprise, but is important in all kinds of crises: leadership. “Decisions will need to be made so that the immediate response can be managed well,” he says. “Of course, every company and incident is different but, on the one hand, I’ve seen examples where an organisation had to shut down for three months to recover and, on the other, where a gigantic factory simply switched back to using manual processes – paper documentation! – and it all went smoothly. It’s all in the planning and execution.”
Knowing where breaches tend to originate from is also an important part of the strategy and it seems that three is very much the magic number here too. “From my investigative experience, the first source is human error – unintentional mistakes. The second is system vulnerabilities – no system is ever completely bug free. And the third is human vulnerabilities – such as social engineering or phishing. In reality, the three usually appear all at once.” And while this might lead us to conclude that most cyberattacks begin with a human error, Muhammad could not disagree more.
Muhammad Rezqi
Cybersecurity is also quiet by design – people generally only know about us when something has gone wrong.”
“Instead of asking ‘who made the mistake?’, we should ask, ‘why did this action make sense at the time?’” And when you understand the logic in this, you can immediately spot how his skills as a software engineer and human-centred investigator complement each other perfectly. “People act within systems,” he explains. “So, if people fail, that does not necessarily mean they did so on purpose. The systems allowed it.” This is central to the way Canon views cybersecurity, where a judgement-free ‘open door policy’ is in place and colleagues are encouraged to share their concerns. It’s an approach which builds a culture of trust which, in turn, makes the work of Muhammad and his team so much more effective in the long term.
“My view is that human error is not a cause, it's a symptom,” he stresses. “There will always be questions, but this reminds us to look beyond blame. When we are past the ‘hush hush’ work involved in responding to a cybersecurity incident, we always hold something called a ‘lessons learned meeting’ to discuss what happened. And at no point is this about holding people to account. We just take what we have learnt and use it to come back stronger and better.”
Find out more about careers at Canon.
Related
-
Calm, cool and compassionate: Zoë Rose keeps cybersecurity in vogue
Zoë Rose’s journey into cybersecurity might seem a little unconventional, but today she makes the kind of impact that will never go out of style.
-
How systems thinking creates joined up security
Separating product and corporate security is often the norm, but not at Canon. We’ve taken an integrated approach by looking at the bigger picture.
-
The human nature of cybersecurity
The best cybersecurity experts are the very definition of an all-rounder. They mix strong technical know-how with human strengths and lived experience.
-
Born to hack: Timur Iunusov’s security calling
At age 8, Timur Iunusov was given his first computer – and it changed his life. Today he’s our EMEA Security Research Lead, safeguarding our products.