Turn On Your Future @ UWTSD's School of Applied Computing & Electronics

Posts tagged ‘CyberSecurity’

Industry talks: Cybersecurity & Governance

Today’s blog looks back at two recent industry talks organised by our colleague Professor (Associate) Carlene Campbell, who organised two talks to allow our students to gain a deeper understanding of the contemporary challenges in Cybersecurity, data governance, and regulatory compliance. Exploring how modern cyberattacks operate and how organisations can prevent and respond to them.

Both sessions emphasised practical examples, case studies, and interactive discussion to help our students better understand the real nature of the topics in industry and their future professional responsibilities.

Talk 1: From Code to Industry: Data Security, Governance and Compliance in the Real World

Delivered by Dr Odayne Haughton, Lecturer in Information Science at the School of Computing & Creative Technologies (University of West England)

This talk introduced students to the practical realities of managing data securely and responsibly within modern organisations. Rather than viewing security incidents solely as technical failures, the session highlighted how many major data breaches are rooted in weak governance structures, unclear accountability, and poor compliance practices.

Key themes and topics:

  • The three pillars of data responsibility: clear differentiation between data security, data governance, and regulatory compliance, and why none of these can operate effectively in isolation.
  • Breaches as governance failures: analysis of real‑world incidents such as Equifax and Uber to demonstrate how cultural, procedural, and oversight issues often underpin technical compromise.
  • Regulatory and standards landscape: introduction to GDPR and UK GDPR, ISO/IEC 27001 and 27701, and the NIST Cybersecurity Framework, with a focus on what these mean in day‑to‑day professional practice.
  • Ethical implications: discussion of how poor compliance can result in misuse of personal data, bias, and long‑term damage to public trust.
  • Security by design and compliance by default: embedding governance into the software development lifecycle using logging, encryption, audit trails, access control, MFA, and management of third‑party risk.

Interactive Activity:

A group‑based scenario formed a central part of the session. Students worked through a simulated cloud‑services breach, taking on roles such as Data Protection Officer, Security Lead, Developer, and Product Owner. The exercise required them to identify governance failures, compliance violations, and immediate remediation steps, reinforcing the need for cross‑functional collaboration.

Key takeaway:

Students left the session with the understanding that data breaches are rarely caused by code alone. Effective data protection depends on governance structures, organisational culture, and shared responsibility across technical and non‑technical roles, and failures in these areas can have lasting legal, financial, and reputational consequences.

“The Guest Lecture introduced students to the practical realities of managing data security, governance, and regulatory compliance in modern computing environments. With a strong focus on real-world breaches, emerging global standards, and compliance requirements. The session bridged the gap between academic learning and professional responsibilities in industry.” – Carlene Campbell (Professor (Associate) at UWTSD’s School of Applied Computing.

Talk 2: Cybersecurity Awareness in the Modern Era
– Understanding how modern Cyber attacks happen and how we stop them

Delivered by Vignesh Balasubramanian (Director and co-founder of Sentronyx Technologies Pvt. Ltd) and Amit Shrivastav (A Cybersecurity professional & Senior Security Analyst at Sentronyx Technologies)

The second talk focused on helping students understand how and why modern cyberattacks occur, and how organisations attempt to defend against them. Framed within the realities of cloud adoption, hybrid working, and AI‑enabled tooling, the session positioned cybersecurity as both a technical and human challenge.

Key themes and topics:

  • Why cyberattacks happen: exploration of attacker motivations including financial gain, disruption, revenge, and curiosity, and how these motivations shape attack strategies.
  • Modern business infrastructure: overview of contemporary environments including cloud platforms, identity systems, endpoints, and collaboration tools, alongside the role of human behaviour in security outcomes.
  • Evolution of authentication: progression from passwords to MFA, biometrics, and adaptive authentication, and the parallel evolution of attacker techniques such as phishing kits, token theft, session hijacking, and MFA bypass.
  • Applied attack case study: detailed examination of Microsoft 365 MFA bypass frameworks, providing real‑world examples of account takeover and the global implications for organisations.
  • Defence in depth: discussion of countermeasures including secure authentication design, user awareness, zero‑trust principles, and detection strategies.
  • Offensive and defensive collaboration: the role of red and blue teams, and how leadership decisions shape an organisation’s overall security posture.

Interactive discussion:

The session included open Q&A and practical discussion, allowing students to explore topics such as phishing detection, threat simulation, and attack surface analysis in a real‑world context.

Key takeaway:

Students gained a clearer picture of cybersecurity as an ongoing contest between attackers and defenders, where technology alone is insufficient. Awareness, collaboration, and informed leadership are essential to building resilient organisations in a rapidly evolving threat landscape.

“This guest lecture used a number of live demonstrations to help students understand how and why modern cyberattacks occur, how attackers evolve to bypass defenses, and how ethical hacking contributes to stronger cybersecurity. It explored real-world attack techniques, and the critical role of offensive and defensive security activities in building resilient organizations.” – Carlene Campbell (Professor (Associate) at UWTSD’s School of Applied Computing.

Final Remarks:

Both talks strengthened our students exposure to real‑world practice, offered a complementary view of modern digital risk, from governance and regulatory responsibility to the tactics used in real‑world cyberattacks. By grounding theory in industry practice and interactive learning, the sessions reinforced the importance cybersecurity and data protection as imperative organisation‑wide concerns.

For more information about our Computing & CyberSecurity courses please click here: Computing | University of Wales Trinity Saint David

Category:

Uncategorized

Tagged with:

New Appointment: Elliott Atkins – Professor of Practice in Applied Computing

Celebrating a New Appointment:
Elliott Atkins joins UWTSD as Professor of Practice in Applied Computing

We are delighted to announce the appointment of Elliott Atkins as a new Professor of Practice within the Applied Computing Academic Discipline at the University. This distinguished role recognises Elliott’s exceptional professional achievements and industry expertise he brings to our university community.

Speaking after his appointment, Elliott said “I’m delighted to have been appointed as a Professor of Practice at the University of Wales Trinity Saint David. I’m really looking forward to sharing real-world insights and experience with students, early-career academics and staff, as well as contributing to curriculum development across the Applied Computing, Cyber Security, and Digital Forensics programmes.”

With a career spanning nearly three decades at the forefront of global cyber security, incident response, and national digital resilience, Elliott’s appointment strengthens and will further enhance real‑world industry learning experiences for our students.

A Leader in National Cyber Security:
Elliott is an internationally recognised leader in the field of cyber security. Over the course of his distinguished career, he has held several high-profile positions central to the UK’s national cyber resilience, including:

  • Managing Director of Exercise3: an NCSC‑assured provider of realistic cyber incident exercises, founded by Elliott in 2014 to prepare organisations for complex cyber crises using highly accurate scenario‑based training.
  • Head of the UK Government’s Computer Emergency Response Team (GovCertUK) at GCHQ, leading 24×7 national incident response operations.
  • Head of Cyber Intelligence at QinetiQ, contributing to defence and national security innovation.
  • Head of Incident Response at Nominet, the UK’s top‑level domain registry, overseeing the protection of critical national internet infrastructure.
Fig.: Exercise3

Elliott’s influence also extends internationally, as he serves as the UK liaison member of FIRST, the global forum for incident response teams, helping shape standards and collaboration across more than 800 CSIRTs worldwide.

Royal Appointment: CISO to the Royal Household:
A unique highlight in Elliott’s career is his appointment by Her Majesty Queen Elizabeth II as the Royal Household’s first Chief Information Security Officer in 2021. This role was created as part of a heightened national effort to strengthen the monarchy’s cyber security posture against increasingly sophisticated threats. His appointment was a key step in safeguarding sensitive digital assets across the Royal Household.

Honours, Fellowships, and Industry Recognition:
Elliott is a Fellow of the British Computer Society, a recognition of his sustained contribution to the advancement of cyber security practice.

Fig.: British Computer Society

He also has a long record of community and charitable leadership. Outside the digital realm, Elliott is passionate about aviation heritage and serves as Chair of Trustees of the Panavia Tornado Preservation Group, a charity dedicated to preserving the iconic Tornado aircraft and inspiring future generations of engineers and aviators.

Fig.: Tornado GR.1P at South Wales Aviation Museum

Elliott’s commitment to developing cyber resilience and technical capability aligns strongly with UWTSD’s mission to prepare graduates for critical roles in an increasingly digital world.

A Transformative Contribution to UWTSD:
As a Professor of Practice, Elliott will play a significant role in enhancing the Applied Computing provision at the university. He brings world‑leading expertise and will help support our programmes in cyber security, digital forensics, and incident response. This is an extraordinary opportunity for students, staff, and partners alike to engage with one of the UK’s most experienced practitioner‑leaders in cyber security.

With gratitude, we warmly welcome Elliott to the university and look forward to the contribution he will bring to our community.

~

Category:

Uncategorized

Tagged with:

Graduate profile: Dale Warner

Graduate profile for Dale Warner, a Solutions Engineer at Cisco.

"Exposure to new and challenging events is critical. Everyone is winging it; no one can know it all."

"Creativity requires play, and play can be messy. Embrace the cluttered desk!"

"My days can range from face-to-face customer meetings across the UK, building high level plans/designs/BoMs from my home office, or turning my time to study so I can stay on-top of the latest technology trends."

Q. Name: Dale Warner

Q. What was your university course: BSc (Hons) Computer Networks

Q. Job title and role? Solutions Engineer at the Central Government Team at Cisco

Q. Briefly describe the organization you work for? Cisco are the market leader when it comes to networking. They also provide cutting edge technologies and services across a wide range of areas; Security, collaboration, observability, to name a few.

Q. Which skills learned at university are helpful to you in your job? While at university the most important skill I learned was how to concisely present a complex idea or solution. Being able to do so allows me to talk and explain new products and ideas to customers, cutting out all the unnecessary fluff.

Q. A typical day and how would you describe it? Like any engineer, two days are very rarely the same. But I talk with customers about their technical issues and look to provide Cisco solutions to bridge the gap. This requires me having a board understanding of a range of technologies and where/how Cisco products can be used. My days can range from face-to-face customer meetings across the UK, building high level plans/designs/BoMs from my home office, or turning my time to study so I can stay on-top of the latest technology trends.

Q. What aspects of your job do you enjoy most? I enjoy meeting customers, understanding their needs, and proposing suitable solutions. This, alongside learning on the latest technologies and having a future vision of the technology industry.

Q. Advise for students who would like to start a Career? It’s okay not to have an end goal, so long as you know what you want to do next. When your end destination isn’t set you can put all your effort into achieving your next goal. Exposure to new and challenging events is critical. Everyone is winging it; no one can know it all.

Q. A quote that you like / live by / inspires you?
My favorite quote is a quip from Albert Einstein “if a cluttered desk is a sign of a cluttered mind, of what, then, is an empty desk a sign?” I’d like to add – creativity requires play, and play can be messy. Embrace the cluttered desk!


Thank you for your profile Dale, it will help to inspire current and future students.
We are most grateful. We hope to see you at future alumni events.
Well done and Congratulates on your success Dale.
Da iawn a llongyfarchiadau Dale

~

Category:

Uncategorized

Tagged with:

Skills Synergy 2025

The School of Applied Computing at University of Wales Trinity Saint David are thrilled to announce the annual ‘Skills Synergy 2025‘ event hosted at Swansea Arena.

A dynamic day of learning, and competition for students and networking for Teachers. The student events are designed to inspire, challenge, and showcase skills in Web Technologies, Cybersecurity, and Network Systems Administration, tailored for Year 12, Year 13, and Further Education students.

Student Team Competitions:

A taster competition event to give an experience to the participants about the competitions and competition environment.

Students who are interested in one or more than one of the below domains are welcome to register. Students will get a taste of the competition with a briefing about competitions followed by a small competitive activity.

Schools/FE’s can register their students who are interested to get a taste on competitions like Web Technologies, Cybersecurity, and Network Systems Administration.

Limited Registrations. First come First Serve. Register immediately.

Taster Sessions for School Students:

Explore Computing (Cybersecurity, Digital Forensics, Software, Artificial Intelligence, Data Science), Electronics, and Games Design, Development, Animation, VFX in engaging hands-on sessions.

Cisco Instructors Conference:

A parallel session for Head Teachers, Teachers, Lecturers and Cisco Networking Academy Instructors to share best practices, network, and collaborate.

Event Details:
Date: 26th March 2025
Time: 09:30 AM – 02.00 PM.
Venue: Swansea Arena

For further information and inquiries, please contact Nitheesh Kaliyamurthy via email: n.kaliyamurthy@uwtsd.ac.uk

For further information about Computing & Computer Science courses at UWTSD Swansea, please click here.

– — — — — — — — –

Category:

Uncategorized

Tagged with:

Guest Lecture: Network Automation and CI/CD

Guest Lecturer:
Nagaraj Ravinuthala

This week, Nagaraj Ravinuthala, a DevOps trainer at HCL Technologies Limited and a specialised trainer for WorldSkills UK Squad on Infrastructure Automation, delivered a Guest Lecture on Network Automation and CI/CD to our students.

The lecture began with basic yet powerful concepts of deployment and CI/CD, connecting the dots between writing code, integrating APIs, and automating the process of pushing updates live. The session emphasized simplicity and clarity, presenting CI/CD as a pipeline that automates code testing, integration, and deployment to production environments.

“Think of CI/CD as a conveyor belt for your code,” explained Nagaraj. “You write it, test it, and deploy it—all in a streamlined process that ensures faster delivery and better reliability, which are essential in modern network automation workflows.”

Students were introduced to tools and techniques aligned with Cisco’s CCNA DevNet, providing a glimpse into industry-standard practices. To make deployment relatable, the lecturer drew parallels with the earlier lectures on Python and API during their Network Programmability Module where the students integrated the OpenWeather API creating and running a Python script, and explaining that deployment involves taking code that works locally and making it accessible to users.

The session concluded with an interactive Q&A, where students enthusiastically asked about real-world applications of network automation and the career paths that mastery in CI/CD can unlock.

This guest lecture was an eye-opening experience for students, sparking curiosity and laying the foundation for further exploration in network automation. It was a step toward preparing them for the evolving demands of the industry.

We would like to thank Nagaraj Ravinuthala for taking time to speak and share valuable industry knowledge with our students.

For further information about our courses, please click-here.

Category:

Uncategorized

Tagged with:

MSc Project: Cyber Security

Student name:
Sakthi Sangeetha Kandaswamy

MSc Project title: Analysing risk in Vulnerability Assessment and Penetration Testing Methodology

Course: MSc Cybersecurity and Digital Forensics

Introduction/rationale:
The motivation behind choosing the project stemmed from the growing need for more structured and standardized approaches to penetration testing and vulnerability assessment. With cyberattacks becoming increasingly sophisticated, organizations struggle to identify and remediate vulnerabilities efficiently.

TECH TERM: Penetration testing, often referred to as ‘pen testing‘, is a cybersecurity practice where ethical hackers simulate cyberattacks on a computer system, network, or web application to identify vulnerabilities that could be exploited by malicious hackers. The main goals of penetration testing is to:
1. Identify security weaknesses
2. Assess the effectiveness of security measures
3. Improve overall security posture: By identifying and fixing vulnerabilities, organizations can strengthen their defenses against potential cyber threats.

The MITRE ATT&CK Framework provides a well-defined structure for understanding adversarial techniques and tactics, making it ideal for enhancing VAPT (Vulnerability Assessment and Penetration Testing) methodologies. This project aimed to leverage MITRE’s capabilities to analyze risk, improve testing scope, and ensure that testing efforts are comprehensive and aligned with real-world threats.

Project overview:
In this project, we integrated the MITRE ATT&CK Framework into the traditional VAPT methodology to refine the testing scope and increase effectiveness in detecting vulnerabilities. The steps involved included:

  • Defining the Scope: The project began by clearly defining the boundaries and goals of the penetration test. Using the MITRE Framework, specific attack vectors and techniques relevant to the organization’s environment were identified.
  • Conducting Vulnerability Scanning: Automated tools were used to perform initial vulnerability scans, identifying weak points that attackers might exploit.
  • Simulating Attacks Using MITRE Tactics: We designed attack scenarios based on the tactics and techniques outlined in MITRE ATT&CK, simulating adversarial behavior. This allowed us to target the actual risks that real attackers would exploit, rather than theoretical vulnerabilities.
  • Analyzing Results and Refining Scope: Post-attack analysis identified network gaps and weaknesses in current defenses. The scope of the testing was iteratively refined based on these findings.
  • Reporting and Remediation: Finally, comprehensive reports were generated, providing actionable insights for the security team, along with specific recommendations for closing vulnerabilities.

Visual Representation: A flow diagram illustrating the process of integrating MITRE with VAPT in Penetration Testing Stages, is located below:

Project outcome & conclusion:
The integration of the MITRE ATT&CK Framework significantly enhanced the scope and depth of the VAPT process. By aligning testing activities with real-world adversarial tactics, the project was able to identify previously overlooked risks and vulnerabilities. The methodology provided a more focused, risk-based approach to penetration testing, ensuring that organizations could better prepare for and mitigate threats. The project demonstrated that using MITRE not only strengthens the identification of vulnerabilities but also offers a more comprehensive understanding of the adversarial techniques that could affect critical systems.

OpenVAS is a full-featured vulnerability scanning tool, that was used for this purposes of this project. An example output of vulnerability findings can be seen below:

Q. What Career and job role are you hoping to move into after graduation?
After graduation, I am hoping to pursue a career in cybersecurity, with a specific focus on roles like:

  • Penetration Tester: Using tools and methodologies (such as MITRE ATT&CK) to identify vulnerabilities in an organization’s IT infrastructure.
  • Cybersecurity Analyst: Monitoring, analyzing, and defending against cybersecurity threats.
  • Security Consultant: Advising organizations on how to improve their security posture by implementing effective VAPT practices.

These roles align with my passion for understanding and mitigating cyber risks, particularly in offensive security and ethical hacking.

Q. Please share a top tip/advice for students who are interested in completing a University Degree?
My top tip for students is to focus on practical applications of what you learn. Theoretical knowledge is important, but real growth happens when you apply it in real-world scenarios, whether through internships, projects, or labs. Hands-on experience not only solidifies your understanding but also makes you more marketable in the job market.

For further information about Computing courses at UWTSD, please click-here.

~

Category:

Uncategorized

Tagged with: