A day in the life of Barry Foley, IT Security Officer

8 Nov 2021

A typical day is the life of IT Security Officer Barry Foley.

07:00 - My day starts (as it does for everyone in the house) when my 4-year-old wakes me up. She has worked out how to ask Alexa for the Frozen soundtrack so sometimes that wakes me. Either way, she’s so consistent that there’s no need to set an alarm.

08:00 - After cooking breakfast, I have a very short commute to UCC main campus, so I jump on the bike and I’m in the Kane Building 10 minutes later.

08:15 - I check the cyber security reports from the previous night and follow up on alerts that required immediate action. Education is the most attacked sector with 62% of reported enterprise malware encounters - UCC detects an attempted attack every 2-3 seconds. I catch up on security news from technical news sites and forums and analyse any recent breaches for UCC accounts. Today’s news includes a large-scale ransomware attack and information on recently discovered flaws in Windows and MacOS that IT Services will address in the coming days.

09:30 - MS Teams meeting to discuss security strategy, findings from a recent attack simulation and to set priority levels for the resultant mitigation actions.

11:00 - MS Teams - Technical Change Advisory Board. We discuss how the recent heat wave has led to an increase in failures and how this is driving some of the changes. We discuss the potential impact of proposed IT changes on the operation of the University and advise accordingly.

11:45 - Get coffee in the Student Centre with Arthur Shinnick who’s onsite today and sit out in Honan Plaza.

12:15 - Call with HEAnet to schedule security awareness sessions and security assessments over the next 6 months. The people aspect of IT security is of utmost importance as, despite new attack techniques used by cyber criminals, the vast majority of attacks can still be traced back to a malicious email.

13:00 - Cycle home for lunch.

14:00 - My colleague Ruth Butler has been monitoring the security alerts that have arisen and we discuss any suspicious activity and decide whether further action is required.

14:45 - Conference call with other IT security personnel in the public sector where we discuss the HSE cyber-attack and the ransomware attacks against two higher education institutes in Ireland this year. The sharing of information is extremely useful in identifying the tools and techniques involved in successful attacks. The IT security challenges facing organisations are similar across all areas. It is noted that the higher education sector presents unique challenges - diverse IT requirements, large fast networks, large number of servers visible to attackers. Additional workshops dedicated to cyber-attack response are arranged.

16:00 - Catch up on emails and review requests for external hosting of data. IT Services, the Office of Corporate and Legal Affairs, the Data Protection Office and Procurement meet once a month to discuss and advise on external hosting.

17:15 - Cycle home and cook dinner. In the evening, after playing with the kids, I usually go for a cycle - a routine that I’ve tried to keep going from lockdown. I head out to Blackrock and on to Passage and back in through town. My attempt at digital downtime in the evening doesn’t always go well but I’m reading a good book at the moment, The Power by Naomi Alderman, so that helps.