skills Archives - Security IT Summit | Forum Events Ltd
Posts Tagged :

skills

CIISec CyberEPQ qualification will kick-start cyber security careers

960 640 Guest Post

The Chartered Institute of Information Security (CIISec) is now managing the UK’s first and only Extended Project Qualification (EPQ) in cyber security. The Level 3 CyberEPQ will give anyone from 14 years old the best possible opportunity to kick-start their cyber security career and will integrate with CIISec’s broader development programmes to provide a clear pathway to progress.

Originally introduced by Qufaro in 2016, the CyberEPQ provides a starting point for anyone considering a career in cyber security. Now under CIISec’s management, and with rebranding underway, the qualification will become a more integral part of helping people to start and then progress their cyber security careers, from apprenticeship to university to full employment. It will open access to the full support of a professional body and an extensive community, ranging from students and academics at CIISec’s academic partner institutions through to established security professionals and corporate partners.

“We’re delighted to welcome the Level 3 CyberEPQ into our broader programme,” commented Amanda Finch, CEO of CIISec. “This qualification provides a springboard for individuals to start their careers, and, embedded within our development programme, it will help individuals to understand exactly what skills are needed to progress in their roles. From cyber digital investigation professionals to system architects and testers to cryptographers to risk management professionals, the variety of roles available in the industry is vast and there are opportunities out there for everyone. This qualification will play a key role in attracting a fresh pool of talent, which the industry so desperately needs to keep up with evolving cyber threats.”

The qualification is underpinned by CIISec’s skills framework, which is designed to help individuals and organisations understand precisely what skills are needed to fulfil a specific role at a specific level. Students that enrol in the CyberEPQ will also have access to CIISec’s development programme, which supports individuals and their employers at all stages of their career, from apprenticeships to junior-level associates, to full members and people at the peak of their careers.

Contact the CyberEPQ team at CIISec for further information – cyberepq@ciisec.org.

https://www.ciisec.org/
https://cyberepq.org.uk/

The Synack platform expands to confront the cyber skills gap

960 640 Guest Post

By Peter Blanks Chief Product Officer, Synack

At Synack, we’re committed to making the world a safer place. We’re doing that by helping organizations defend themselves against an onslaught of cyberattacks. We’re doing it by harnessing the tremendous power of the Synack Red Team, our community of the most skilled and trusted ethical hackers in the world, and through the most-advanced security tools available today.

Now, the Synack Platform is expanding to help organizations globally overcome the worldwide cybersecurity talent gap. I am excited to announce the launch of Synack Campaigns to provide on-demand access to the SRT, who will be available 24/7 to execute specific and unique cybersecurity tasks whenever you need them — and deliver results within hours. This new approach to executing targeted security operations tasks will fundamentally change organizations’ approach to cybersecurity by providing on-demand access to this highly skilled community of security researchers.

During my time at Synack, I’ve seen firsthand how the Synack Operations and Customer Success teams creatively engage with the SRT to address a growing range of clients’ security operations tasks, in addition to our traditional vulnerability discovery and penetration testing services.

Now, we are making these targeted security activities directly available to every organization in the form of Synack Campaigns, available through the new Synack Catalog, also launching today on the Synack Client Platform.

The new Synack Catalog, where customers can discover, configure, purchase and launch Synack Campaigns is available now on the Synack Client Portal. Please speak with your CSM to have this feature enabled for your organization.

I know from speaking to our clients across multiple industries that security teams are struggling to keep pace with the speed of product development. At the same time, they are trying to scale defenses to meet the complexity and magnitude of today’s threats. Our customers ascribe challenges with their growing backlog of security tasks such as CVE checks and cloud configuration reviews. On top of all of that, there’s the need to implement industry best-practice frameworks such as OWASP & Mitre Att&ck. Essentially, customer security teams are struggling with demanding workloads and have asked us for assistance in a number of areas:

  • On-demand access to talented Synack Red Team members who are available 24/7 and capable of completing diverse security operations activities across a growing range of assets.
  • A flexible security solution that can be configured to meet their specific needs in one centralized platform with their existing pentesting insights.
  • A security solution that delivers results quickly (hours and days, not weeks or months) and is aligned with their agile development processes.

Synack Campaigns expands the core capabilities of the Synack Platform, including our trusted community of researchers, an extensive set of workflows, payment services, secure access controls and intelligent skills-based task-routing to provide customers with the ability to execute a growing catalog of cybersecurity operations.

With Synack Campaigns our researchers can augment internal security teams by performing targeted security checks such as:

  • CVE and OWASP Top 10 vulnerability checks
  • Cloud Configuration Checks
  • Compliance Testing (NIST, PCI, GDPR, etc.)
  • ASVS Checks

Synack Campaigns are built to complement our vulnerability management and pentesting services, and help customers achieve long-term security objectives, such as Application SecurityM&A Due Diligence, and Vulnerability Management.

Level up in 2022 with these online courses for IT security professionals

960 640 Stuart O'Brien

Our selection of online courses tailored specifically for the IT Security sector will enable you to both learn new skills and improve existing ones – sign up today!

These are specially-curated online courses designed to help you and your team, improve expertise and learn new things.

The IT and Personal Development online learning bundle provides you with over 50 courses, which cover all areas of both professional and personal development:

  • CSS Certification Level 1
  • HTML 5 Certification Level 2
  • Introduction to Cloud Computing Certification
  • IT Security Certification
  • Website Development Foundations Certification
  • WordPress Certification
  • How to Handle Criticism at Work Certification
  • How to Improve Your Mental Health Certification
  • Building Your Confidence and Self-Esteem Certification
  • Managing Teams Certification
  • Master Planning Certification

And many more!

Find out more and purchase your online bundle here

For just £99 +vat (usually £149), you can share the courses with your colleagues over a 12-month period.

Additionally, there are a variety of bundles available on all spectrums;

  • Personal & Professional Development
  • Healthcare
  • Sports & Personal Development
  • Human Resources
  • Customer Services
  • Health & Safety
  • Education & Social Care Skills
  • Sales & Marketing
  • IT & Personal Development

Book your courses today and come out of this stronger and more skilled!

5 innovative cybersecurity training methods to try in 2021

960 640 Guest Post

By Juta Gurinaviciute, Chief Technology Officer at NordVPN Teams

As much as 88% of data breaches are caused by human error, but only 43% of workers admit having made mistakes that compromised cybersecurity. In the past year a third of the breaches incorporated social engineering techniques and the cost of a breach caused by a human error averaged to $3.33 million

To mitigate the risk, enterprises develop complex cybersecurity strategies and action plans, yet they are insufficient unless acknowledged by every member of their organization. Half of the Chief Information Security Officers (CISOs) plan to extend cybersecurity and privacy into all business decisions and that makes it every employee’s concern. 

With the ever-changing and evolving digital threats, maintaining cyber resistance is no longer limited to IT and security officers and depends on every member of the organization. Constant training is a way to build the team’s resilience against threats, yet it is not uncommon for them to turn into dull PowerPoint sessions, after which few remember the safety measures they should take. The problem is amplified by the workforce operating from home and not subscribing to security policies of the company.

CISOs and other stakeholders can grab employees’ attention by changing the methods of the regular cybersecurity training. Those who found training to be very interesting were 13 times more likely to change the way they think about cyber threats and protection against them. Therefore, organizations should seek memorable, entertaining and accessible ways to talk about complicated security matters.

5 ways to make cybersecurity training more attractive

Gamify it. Dull figures slide after slide, myriads of ‘dos and don’ts’ along with knotty safety procedures make the process lethargic. Quizzes, games, prizes and quality time with colleagues will enhance enjoyment and learning. Interactive activities boost engagement and thus yield better results when it comes to teaching staff about cybersecurity. 

Engage in friendly competition. The key element of the gamification is competition. However,  putting a prompt question within the video lesson or offering ‘innovative’ content is not enough. People are engaged when they have an incentive, be it a prize or pride. Companies should organize monthly, quarterly or yearly competitions to keep a workforce constantly aware of new threats and how to tackle them.

Make it rewarding. Turn the right answer into a badge, a discovered vulnerability into a star, and a year without an incident into a holiday bonus. People expect feedback while participating in a competition, and the reward system is the optimal way to do it. Instead of giving an opinion to everybody in private, security and IT professionals can award the achievements. They also help to track the progress of each employee and take the precautions if necessary.

Turn it into a team effort. Staying protected from breaches and attacks is everyone’s interest. Thus employees should be encouraged to work in teams and solve riddles with their colleagues. In a cybersecurity workshop, for instance, employees can be asked to craft a phishing email. This encourages them to find out more about this criminal technique, to look at the examples of it and thus recognize them at the first glance next time. 

Be understood. For information security professionals, IT and cybersecurity jargon is a native language.  Yet for accountants, marketers and many others it’s just a meaningless jabber. Make sure to speak clearly and to explain every term in plain language so the relative layman understands and remembers.

These tips also apply when teaching the staff how to use various cybersecurity tools, such as cloud services or VPNs. With people working remotely, many of them face the need to use two-factor authentication or secure connection for the first time as it was readily available by default at their usual workstations. Now they have to care for their and their company’s protection themselves. 

Cybersecurity is no longer a thing only information security and IT departments care about. As many workplaces rely solely on digital solutions which are used by the entire workforce, staying protected against cyberattacks requires everyone’s joint effort. The main notions of data security must be conveyed in an appealing manner.

Learn new things in 2021 with our online courses for online security professionals

960 640 Stuart O'Brien

Our selection of online courses tailored specifically for the IT Security sector will enable you to both learn new skills and improve existing ones – sign up today!

These are specially-curated online courses designed to help you and your team, improve expertise and learn new things.

The IT and Personal Development online learning bundle provides you with over 50 courses, which cover all areas of both professional and personal development:

  • CSS Certification Level 1
  • HTML 5 Certification Level 2
  • Introduction to Cloud Computing Certification
  • IT Security Certification
  • Website Development Foundations Certification
  • WordPress Certification
  • How to Handle Criticism at Work Certification
  • How to Improve Your Mental Health Certification
  • Building Your Confidence and Self-Esteem Certification
  • Managing Teams Certification
  • Master Planning Certification

And many more!

Find out more and purchase your online bundle here

For just £99 +vat (usually £149), you can share the courses with your colleagues over a 12-month period.

Additionally, there are a variety of bundles available on all spectrums;

  • Personal & Professional Development
  • Healthcare
  • Sports & Personal Development
  • Human Resources
  • Customer Services
  • Health & Safety
  • Education & Social Care Skills
  • Sales & Marketing
  • IT & Personal Development

Book your courses today and come out of this stronger and more skilled!

5 Minutes With… Stephen Whatling tackles the skills shortage in digital infrastructure

960 640 Stuart O'Brien

In the latest instalment of our IT security industry executive interview series, we spoke to Stephen Whatling (pictured), Chairman at BCS Integrated Solutions, about the skills shortage within digital infrastructure and how we can attract new talent to the sector…

Will the widely reported ‘skills shortage’ in the sector start to cause real problems? 

The continuing fight for a limited talent pool is set to get worse and there are real concerns that it will impact the sector’s ability to deliver the increasing demand driven in part by changes accelerated by the pandemic. 

The skills shortage in the industry has been an issue for over a decade with the financial crash in 2008 leading to a lost generation of technical engineers which has been slow to recover. Recently there have been some promising industry initiatives but many have been put on hold due to the pandemic. Ongoing uncertainty around this year’s A level results, challenges for first year University students and a decision by many organisations that taking on graduate trainees and/or apprentices is just not practical has effectively put us back to square one, (although at BCS we have forged ahead with our graduate and apprenticeship programme) and these decisions may be ones that many come to regret in the future. 

How can the sector increase talent coming into the industry?

Firstly, we need to act as ambassadors for the industry and what it offers. We need to get out there and tell young people what a great career we can offer and the opportunities available. Primary and secondary school visits are very important for us to explain in simple terminology the crucial infrastructure that supports the digital world. that we work in. Careers fairs are also vital. When discussing with school leavers IT and Technology, their focus was often on software, gaming and applications and they hadn’t considered data centre construction as an employment option, but without us, none of the technology to do that works.  

We need to communicate to all the talent out there about the importance of the invisible and vital infrastructure.

What are you looking for in an apprentice/graduate?

Curiosity and tenacity. The next generation are great at coming up with new ideas and solutions, and we need this more than ever. We want apprentices to ask why we’re doing things a certain way and to never be afraid to challenge the status quo. Resilience is also key. When you fall down early on in your career, it’s vital to get back up and go again. 

What are the challenges for you as an employer taking on apprentices and graduates?

Time is the biggest factor as we need to commit to ensuring that we are able to help support and develop the next generation. This is hard in challenging times and in an industry where things are changing at a rapid pace and we need to respond to those changes.  

The personality of an individual is always something that plays a big part, because we need them to fit our culture and work within a team. A sense of humour is also something we rate very highly – you need one in our sector!  

If you could give one piece of advice?

Embrace it, get out there and start a great career, never be scared to ask a question, challenge the norm and the establishment. Be prepared to question the experts and know that if you’re asking a question, there will be others in the room who want to know the answer too. Get stuck in, have fun and express yourself. 

Solving the data centre skills shortage

960 640 Stuart O'Brien

By Stephen Whatling, Chairman at BCS

The growth in demand for data centres worldwide has posed many challenges in recent years and this has now been expedited by the Covid-19 pandemic. Following a major uplift in demand for data services since March, the need for a resilient data infrastructure has never been greater.

However, this year BCS’ independent survey shows an increase in concern about the availability of design and build staff with an 11% rise, to 75%, of respondents believing there is an inadequate supply of skilled labour. The same independent BCS survey shows that 90% of those involved in the design and construction of data centres believe there is a dearth of both design and build personnel.

As the confusion regarding exam results and the subsequent issues with university places continues to test the education system, it is a growing concern for the future supply of resources skilled in the design and build of data centres.  It is then perhaps no surprise that for the second survey running, greater industry engagement with educators is ranked as the top factor to address this identified skills shortage. This is particularly important given the tremendous competition for suitably qualified STEM staff from a wave of different technology sectors across the wider economy. Early engagement with the industry at the educational level is needed to encourage the next generation of potential datacentre professionals through providing clear routes to jobs and career advancement that exist in many of the competing industries.

Better on the job training and improved or greater incentives for apprenticeships also ranked highly in the survey as  respondents acknowledged the positive impact that the education sector and businesses working in partnership can have in developing home-grown resources.  At BCS we believe that the expansion of apprenticeship places is vital to the success of the generation of UK based skills.  This year we had over 200 applicants for the apprentice and graduate scheme we operate in partnership with London Southbank University which provides funded places and, alongside studies, enables the apprentices to access every aspect of the BCS business.

From this year’s intake, Imogen Paton is enrolled on a Quantity Surveying Degree Apprenticeship at London Southbank University and will be sharing her time between studying there and getting some great practical experience with BCS over the next five years. Imogen said: “I am really looking forward to this opportunity to grow and work with both a great company and great university and can’t wait to get started!”

Many businesses might think that taking on an apprentice during the current pandemic will not bear fruit but that is not necessarily the case.  Yes, it can be harder and will require a little more care and attention but the right candidates will learn some invaluable skills during these strange times.

Ben Chappell, a BCS Apprentice Consultant from London Southbank University says he will “definitely take a new sense of confidence in working independently back to the office when the lockdown is over.”

“I’ve been balancing client tasks with Southbank University work successfully, which has given me assurance that my routine is productive. One of the lessons for my industry is that we now know that a significant amount of work can be done remotely if the circumstances require it. However, I am also very much aware of the importance of social interaction for both the office teams and client relations and I’m looking forward to getting back on site,” he said.

It is also worth remembering that the survey was undertaken at the beginning of the UK lockdown, before the length of the lockdown and subsequent travel restrictions could be fully understood.  Despite the timing, almost three-quarters of respondents believed that shortages amongst data centre operational staff was already making it increasingly difficult to run facilities well. It is now clear that the difficulties associated with international travel such as the lack of availability of flights and hotel rooms or the more recent focus on quarantine rules has made it even more difficult for the roving teams of design, build and maintenance engineers to do their jobs efficiently.  These teams are, of course, essential workers and not subject to the quarantine rules but travel, and life in general, is more difficult now, and as a result less productive.  This will mean that even more skilled engineers are required to support the existing infrastructure.

Meeting the demands for greater capacity was an issue before Covid-19 with 74% seeing higher labour costs, 55% using increased outsourcing and almost 50% seeing delays due to the shortage of available skills.  It is likely these numbers will be even higher next year. We should also take note of the likely impact of Brexit and any future immigration policy.  It is vital that any future policy recognises the importance of the data centre industry in the UK and supports it with favourable access for the skilled workers that will be needed in order to meet the existing demand. 

In conclusion, the demand for UK based data centres currently outstrips supply, smart working and automated processes, and a focus on education alongside investment and support from the Government, is required sooner rather than later to ensure the UK capitalises on this opportunity.

CEOs ‘need technology in their DNA’ to ensure success

960 640 Stuart O'Brien

CEOs and executive leadership positions should be filled by people with technology career backgrounds, such as app or software development, if businesses are to be more successful, say the majority (69%) of business leaders in the UK.

Research conducted by VMware has found international recognition that elevating technology team members into leadership roles drives significant value for the entire organisation.

When identifying specific benefits, over one in four (42%) business leaders highlight improved efficiency across the whole organisation, a third (33%) recognise increased business performance and greater innovation potential, and more than a third (39%) better customer experiences.

Vanson Bourne, commissioned by VMware, interviewed 2,250 respondents in EMEA (including 450 from the UK) during March and April 2020. This consisted of 750 business decision makers, 750 IT decision makers and 750 app developers. All respondents were from organisations with at least 500 employees, across all private and public sectors, including, but not limited to IT, financial services, retail and wholesale, healthcare, education and government.

VMware says the findings sit against a backdrop of seismic disruption, where digital transformation – the way technology transforms or enhances business models – has been validated in helping leaders and their organisations adapt to fast-changing market dynamics, changing business models and employee mobilization.

During the pandemic, UK businesses highlight the benefits of modernised applications, for example, to enhance their performance and resilience. More than half (58% ) of respondents highlighted the role of modernised apps to enable employees to work remotely, and just under a third referenced their ability to continuously push updates in response to the changing landscape (31%), and ensure reliable uptime (35%). 

In fact, more than three quarters (81%) of app developers and technology leaders in the UK believe that without successfully modernising applications, organisations will not be able to deliver a best-in-class customer experience. This is echoed by the global executive community; more than 80% of whom believe that enhancing application portfolios will improve the customer experience, which is directly tied to revenue growth.

“Business leaders have never been at the helm of so much change, so those with an inherent knowledge of technology and an understanding of how applications can help them adapt to any market conditions and shape their future performance and resiliency have a real advantage. Indeed, three quarters of the world’s business leaders agree that a ‘technology inside’ leadership skillset will bring success,” said Ed Hoppitt, Director of Apps and Cloud Native Platforms VMware, EMEA. “From the tens of millions of people and students now working and educating from home, to banks being able to scale to provide significant revenue streams, to businesses and retailers looking at digital platform options almost overnight, this pandemic has driven a decade of digital transformation in a few months. 

“It is the ability to get these defining, business apps – that deliver information and services into the hands of users, where needed – that creates success and genuinely drives customer engagement.  Leadership with technology in its DNA combined with a software-enabled digital foundation to serve up these digital services is a winning combination.”

Ursula Dolton, CTO at British Heart Foundation, said: “Businesses risk missing a trick by not appointing C-suite execs with backgrounds in technology. It is no longer enough to simply invest in technologies, since their benefits to organisations go well beyond implementation. In order to get the most from these investments, it’s vital to deliver cultural change and strategic direction, a role best suited for leaders with an understanding of these platforms and the power to both respond to demand and enforce real change.” 

A competitive advantage, born out of the continuous development and delivery of new applications and services, is also reinforced by the findings – which reveal that high-performing companies in EMEA have a more efficient and effective development rate of applications. Two thirds (66%) of new applications make it through to production in high-performing companies***, compared to 41% within underperforming organisations, while 70% of application efforts make it to production in the planned timeframe in high-performing organisations, compared with just 41% in underperforming.

McAfee on cybersecurity for the ‘new normal’ while managing the skills gap

960 640 Stuart O'Brien

Cybersecurity is now in the midst of an unprecedented challenge. While the scale, complexity and financial impact of data breaches and cyber attacks continue to increase, the pool of skilled professionals to fill security roles is dwindling.

According to research in March from the Department for Digital, Culture, Media and Sport, approximately 653,000 (48%) businesses have a basic skills gap, which means that those in charge of cybersecurity at those organisations lack the confidence to carry out the tasks laid out in the Government-backed Cyber Essentials scheme and do not have external support to do so. 

In practice, this means that almost half of UK businesses are unable to tackle the cybersecurity basics, such as setting up firewalls, storing or transferring personal data and detecting and removing malware. A further 408,000 organisations have “more advanced skills gaps”, covering areas such as penetration testing and security architecture.

Being unable to recruit skilled talent is simply exacerbating this problem, with employers identifying 35% of their security vacancies in the last three years as “hard to fill”.

Security teams are now being tasked with greater responsibility than ever, including getting entire workforces mobilised to work from home efficiently and securely, while battling a changing threat landscape. In light of the challenges they face today, it is more important than ever to take an intelligent, cloud-native approach to endpoint security.

We spoke to Adam Philpott, EMEA president at McAfee, about ways of managing the skills gap without compromising on security…

What can be done to tackle the skills gap issue in cybersecurity?

“To tackle such a complex issue requires both “top-of-the-funnel” intervention and investment from government organisations, but also collaboration across the cybersecurity industry and concrete measures from companies themselves.

“We can try to bring talent in further down the line, for example training employees later in their careers, but ensuring we have more talent available in the first place is essential. That is why nationwide investments in training in the technology sector, such as the establishment of a new UK Cyber Security Council to provide a framework for cybersecurity qualifications, are crucial and instrumental to closing the widening skill gap.

“However, there’s much that individual businesses can do to tackle the issue at their level, including implementing initiatives (whether it’s in collaboration with others in the industry or on their own) to promote greater diversity and attract more talent. For example, at McAfee we are targeting talent from outside of IT and security for many roles – an approach that requires thoughtful support mechanisms for onboarding and ongoing development.”

How much of an impact is a lack of diversity having on the wider skills gap, and how can it be combatted?

“A lack of diversity in recruitment processes, often coming through unconscious bias, means that businesses are missing out on large parts of the talent spectrum. This leads to slower progress in tackling the technical skills gap currently facing the industry.

“Building diverse teams should be a no-brainer for businesses, as doing so has clear benefits – from boosting creativity to achieving greater financial success. Companies in the top quartile for gender diversity are 15% more likely to have financial returns above their respective national industry medians, as well as benefitting from a wider bank of perspectives and expertise to draw on. Above all, diversity in the workforce is attractive to new talent and leads to better problem solving as well as improved service for customers of all backgrounds and perspectives.

“When working to combat the skills gap, companies should aim to weave diversity into every single process, programme and initiative. In practice, this means constantly thinking about different ways to access a more diverse talent pool, such as implementing flexible working practices. Alongside this, it’s important that companies are addressing the problem in the recruitment and interview processes, to ensure that hiring is as fair as possible. For instance, if an organisation is looking to recruit a better balance of men and women, it could change the wording in job adverts to make them more gender neutral or ensure that there is at least one woman on every interview panel making a recruitment decision on a candidate.”

How can organisations ease the burden on stretched IT teams without compromising on security?

“The average IT department manages thousands of endpoints, from desktops to IoT devices and everything in-between. Unfortunately, many security solutions simply dump too much information on stretched security teams and rely on senior analysts to investigate threats. When the skills gap issue is factored in, this can lead to serious holes in an organisation’s security posture.

“During the last few months of Covid-19 and the shift towards remote working, many businesses have been forced to accelerate a process of digitization, which in turn gives rise to two dimensions of complexity. Firstly, the infrastructure complexity that comes with more devices being connected and more cloud services being consumed. All of this needs protecting within the security OpEx envelope.

Secondly, there’s the security complexity, where a fragmented (or “best of breed”) solution weakens an organisation’s overall security posture. Both of these complexities put an undue burden on talent, exacerbating the ongoing skills gap issue.

“Some businesses look to outsource their threat detection and analysis, but in essence this only shifts the need for experts from one business to another. Rather than take this approach, organisations need to invest in the right cloud-native tools that identify and contain threats, but also help to upskill more junior staff and lighten the load for employees.

“Integrated solutions monitor and collect activity data from endpoints that could point to a threat, providing the visibility and context needed for security personnel to act. By analysing the data to identify threat patterns, its AI-driven response capabilities can automatically remove or contain threats and notify analysts, while the forensics and analytics tools hunt for identified threats and suspicious activities.

“Automation plays a key role here, handling a high volume of low intellect threats, which frees staff up to focus on higher-value work. By trusting in automated investigation, organisations can reduce alert noise and set up processes which enable staff to do more with less. This is vital for the business to maintain a consistently strong security posture, while allowing human personnel to focus on tasks that do more than just keep the lights on.”

Mind the gap: Upskilling cyber security teams

960 640 Guest Post

By Matt Cable, VP Solutions Architects & MD Europe, Certes Networks, is of interest at all?

At the end of 2019, it was reported that the number of unfilled global IT security positions had reached over four million professionals, up from almost three million at the same time the previous year. This included 561,000 in North America and a staggering 2.6 million in APAC. The cyber security industry clearly has some gaps to fill.

But it’s not just the number of open positions that presents an issue. Research also shows that nearly half of firms are unable to carry out the basic tasks outlined in the UK government’s Cyber Essentials scheme, such as setting up firewalls, storing data and removing malware. Although this figure has improved since 2018, it is still far too high and is a growing concern. 

To compound matters, the disruption of COVID-19 this year has triggered a larger volume of attack vectors, with more employees working from home without sufficient security protocols and cyber attackers willingly using this to their advantage.

Evidentially, ensuring cyber security employees and teams have the right skills to keep both their organisations and their data safe, is essential. However, as Matt Cable, VP Solutions Architects & MD Europe, Certes Networks explains, as well as ensuring they have access to the right skills, organisations should also embrace a mindset of continuously identifying – and closing – gaps in their cyber security posture to ensure the organisation is as secure as it can be.

Infrastructure security versus infrastructure connectivity

There is a big misconception within cyber security teams that all members of the team can mitigate any cyber threat that comes their way. However, in practice this often isn’t the case. There is repeatedly a lack of clarity between infrastructure security and infrastructure connectivity, with organisations assuming that because a member of the team is skilled in one area, they will automatically be skilled in the other. 

What organisations are currently missing is a person, or team, within the company whose sole responsibility is looking at the security posture; not just at a high level, but also taking a deep dive into the infrastructure and identifying gaps, pain points and vulnerabilities. By assessing whether teams are truly focusing their efforts in the right places, tangible, outcomes-driven changes can really be made and organisations can then work towards understanding if they currently do possess the right skills to address the challenges. 

This task should be a group effort: the entire IT and security team should be encouraged to look at the current situation and really analyse how secure the organisation truly is. Where is the majority of the team’s time being devoted? How could certain aspects of cyber security be better understood? Is the current team able to carry out penetration testing or patch management? Or, as an alternative to hiring a new member of the team, the CISO could consider sourcing a security partner who can provide these services, recognising that the skill sets cannot be developed within the organisation itself, and instead utilising external expertise.

It’s not what you know, it’s what you don’t know

The pace of change in cyber security means that organisations must accept they will not always be positioned to combat every single attack. Whilst on one day an organisation might consider its network to be secure, a new ransomware attack or the introduction of a new man-in-the-middle threat could quickly highlight a previously unknown vulnerability. Quite often, an organisation will not have known that it had vulnerabilities until it was too late. 

By understanding that there will always be a new gap to fill and continuously assessing if the team has the right skills – either in-house or outsourced – to combat it, organisations can become much better prepared. If a CISO simply accepts the current secure state of its security posture as static and untouchable, the organisation will open itself up as a target of many forms of new attack vectors. Instead, accepting that cyber security is constantly changing and therefore questioning and testing each component of the security architecture on a regular basis means that security teams – with the help of security partners – will never be caught off guard. 

Maintaining the right cyber security posture requires not just the right skills, but a mindset of constant innovation and assessment. Now, more than ever, organisations need to stay vigilant and identify the gaps that could cause devastating repercussions if left unfilled. 

  • 1
  • 2