Cloud security analyst Isabel Castillo discusses future cyber vulnerabilities and the importance of reskilling to stay ahead of malicious behaviours.
For Isabel Castillo, a love of puzzles and the many challenges of the cybersecurity sector have been a constant draw. Currently a cloud security analyst at cybersecurity threat mitigation platform Lastwall, Castillo honed her skills in prestigious institutions such as Harvard, as well as in the US army, where she applied her talents to cyber military operations.
Working primarily in security information and event management (SIEM) configuration and vulnerability management, a significant aspect of her role is the fortification of systems to withstand emerging threats. “One of the key challenges I’ve faced is the constant evolution of the cybersecurity landscape, which can make it difficult to stay up-to-date with the latest knowledge and skills,” explained Castillo.
To overcome this, she developed a rigorous plan, where she set achievable goals, allowed time for learning, pursued additional training and created a rewards system that held her accountable for reaching milestones. “This approach has helped me stay current with industry advancements and continuously grow in my role,” she said.
Future vulnerabilities
As the world continues down the path towards mass digitalisation and innovation, more and more threats to the cybersecurity landscape are emerging. According to estimates from Statista’s Market Insights, the global cost of cybercrime is expected to surge in the next four years, rising from $9.22trn in 2024 to $13.82trn by 2028.
“With emerging technologies comes an increase of vulnerabilities and a greater emphasis on leveraging AI to mitigate these vulnerabilities, along with guidance from compliance authorities, who are under pressure to adapt and evolve as well.”
According to Castillo, one such threat posing a risk to the future of global cybersecurity is the growth of quantum computing. Research suggests that, as quantum computing advances to a point where it can break traditional cryptography, the need for security innovations will be crucial. For Castillo, institutions will have to work together to create future digital infrastructure that can withstand the consequences of advanced quantum.
“Organisations must demonstrate the ability to not only adapt but do so in a way that will minimise the attack surface and prepare for future quantum-related vulnerabilities. A collaborative effort between organisations is key to ensuring we keep information safe.”
“For future vulnerabilities, I would focus on vulnerability management in the post-quantum world. This introduces added complexity from integrating quantum-resistant algorithms and technologies, along with potential risks of quantum-related attacks, even though quantum computing is not yet fully developed,” she said.
Future skills
Castillo doesn’t necessarily agree that there is a skills gap contributing to the lack of preparedness in tackling future cybersecurity problems. Rather, she is of the opinion that there is a mismatch between what companies expect from junior-level applicants and what is being taught in educational institutions.
She said, in her experience “a junior applicant’s attitude weighs heavier than their knowledge”. Organisations are looking for people with ambition, grit and a touch of humility, who are willing to be trained.
“Constant upskilling and reskilling are crucial because staying ahead of threat actors requires continuous learning. As technology evolves, so do the tactics of those looking to exploit it. To effectively protect systems, you must keep pace with these advancements. In short, you need to improve along with it.”
A trend she has noticed is a rise in privacy enhancing technologies (PET), stemming from the growing consumer demand for information security, noting it is important to remember that people with malicious intent can also benefit from advancements in technology. “This is a double-edged sword, as enhancing privacy can also provide anonymity for threat actors,” she explained.
“The main goal is to allow individuals to control their identity and credentials, reducing reliance on centralised databases that are vulnerable to attack. Essentially, these technologies are adapting to avoid having a single point of failure.”
Future professionals
For those considering a career in the realm of cybersecurity, Castillo would suggest dedicating two or three weeks to an exploration of all the different facets of the industry. “Once you’ve pinpointed your focus, dive deep into the field and take advantage of all the free resources available to build your skills and knowledge.”
She would discourage people from moving too fast and jumping into the sector without fully understanding exactly what the role entails, as often, professionals find that they become frustrated and confused by the lack of a clear direction.
“It’s not the speed that will get you there, it’s the knowledge and the application of it. Others ask for projects to do, to get in, when in fact the best project you can embark upon is the one you are passionate about and you’ll only know that by spending time learning which sector you like the most.”
Find out how emerging tech trends are transforming tomorrow with our new podcast, Future Human: The Series. Listen now on Spotify, on Apple or wherever you get your podcasts.