training Archives - Cyber Secure Forum | Forum Events Ltd
Posts Tagged: training

Public-private partnership launched to tackle UK cyber skills shortage

Stuart O'Brien

It’s hoped more people will soon be able to secure fulfilling, highly skilled jobs in the cyber security industry as a scheme to address the shortage of cyber security experts launches its next iteration.

HM Government and training provider SANS have partnered to launch the Upskill in Cyber training programme to help UK professionals make a career change into cyber security. The programme, lasting 14 weeks, offers training, career advice and interview training to help workers change careers into cyber security roles.

So far, it has trained over 200 students with non-cyber backgrounds. Many have gone on to secure guaranteed job interviews upon successful completion of the training programme. 

Andrea Csuri, a recent graduate of the Upskill in Cyber programme, has successfully switched from the retail industry to a cyber security analyst role. She said: “The programme was incredibly comprehensive, covering a vast array of topics related to cyber security. I was able to connect with mentors who work in the cyber security field, which was of great interest to me. Additionally, the live sessions with a recruiter were a fantastic resource, providing me with insights and advice on how to navigate the job market in this field. I now work as an Analyst for a company that helps organisations manage their IT and cyber security risks.”

Recent research by SANS Institute found that 44% of the UK workforce have considered a career change in the last year. However, only 6% have taken an interest in pursuing a career in cyber security despite ranking better pay, career advancement opportunities, and flexible working as the top three benefits of pursuing a career in cyber security. This is due to a lack of understanding about the industry, roles available or the skills needed to even consider pursuing a career in cyber security.

To tackle this, SANS and HM Government are now launching the second iteration of the programme, to power stronger growth and better jobs by upskilling more individuals into cyber security.   

Minister for Science, Innovation, and Technology, Viscount Camrose, said, “The UK is rapidly establishing itself as a world leader in cyber security, and ensuring people have the skills they need to access jobs in the industry is key to cementing and expanding that reputation”. 

“The Upskill in Cyber programme lets us do exactly that – removing knowledge and skills barriers for aspiring cyber security professionals, and supporting them into the exciting new careers which fuel innovation, drive growth and protect our economy”.   

Stephen Jones, Managing Director of SANS Institute, added: “We have found that certain businesses lack the incident response and governance cyber security skills needed to face up to the realities of a challenging threat landscape. Our training programme helps to eradicate these skills gaps, breaking down barriers to facilitate the transition into a career in cyber. Individualised training equips candidates with both a solid theoretical foundation and hands-on practical skills, enabling them to tackle the most pressing security threats that organisations face today.” 

“The Upskill in Cyber programme opens up the dynamic world of cyber security to people from all walks of life,” said Ciaran Martin, Director of CISO (Chief Information Security Officers) Network at the SANS Institute. “Our training approach will equip and empower candidates with the skills and experiences they need to make them deployable in the cyber security workforce in just a matter of weeks. Throughout the programme, candidates will receive world-class training and support, gaining first-hand access to key industry representatives to better understand rising threats, roles, and responsibilities. In our 2022 programme, 100% of the candidates were provided with multiple opportunities to interact with hiring organisations. We are excited to witness the programme’s continued growth and success this year, as it unlocks new career opportunities in a diverse, dynamic, and forward-thinking industry brimming with potential.” 

Say goodbye to traditional security training: How to keep your staff engaged!

Guest Post

As the saying goes, what got you here won’t get you there. While the traditional method of once-a-year security awareness training for your staff may have been an acceptable method in the early 2000s, times change, and so do the needs of staff. Simply providing information to employees is not enough. For best results, information delivered needs to be relevant, timely, and appropriate.

Take the example of teaching a child to cross the road. The best time to teach them is when you’re at a road. This makes the lesson timely and relevant. It also needs to be explained to them in terms they will understand and connect to; this makes it appropriate.

With KnowBe4, you can deliver training to employees which is relevant, timely, and appropriate. It contains a huge library of content covering training modules, video modules, mobile optimised content, assessments, games, newsletters, posters, and much more. Plus, the content is localised in many languages and with many different tones and formats available, there is certainly something for every organisation.

Smart groups can also be used to deliver specific training to selected users. For example, there is no point in making everyone go through security awareness tips when travelling, if most people never travel to a remote location. Putting your road warrior employees in one group and only sending them the training makes it far more relevant.

Perhaps the hardest part of training is delivering it at the right time. There is never an ideal time for employees to take time out of their day to complete their training. That is why it’s important not just to provide the option of short, quick modules which can be completed during a tea break, but also to have a method to intervene with training when it is needed the most. With SecurityCoach, users can be coached in real time based on their real-world behaviours.

Whichever tool you use, make sure the training provided is relevant, timely, and appropriate to make it stick.

Find out what percentage of your employees are Phish-prone™ with our free test.

The Synack platform expands to confront the cyber skills gap

Guest Post

By Peter Blanks, Chief Product Officer, Synack

At Synack, we’re committed to making the world a safer place. We’re doing that by helping organizations defend themselves against an onslaught of cyberattacks. We’re doing it by harnessing the tremendous power of the Synack Red Team, our community of the most skilled and trusted ethical hackers in the world, and through the most-advanced security tools available today.

Now, the Synack Platform is expanding to help organizations globally overcome the worldwide cybersecurity talent gap. I am excited to announce the launch of Synack Campaigns to provide on-demand access to the SRT, who will be available 24/7 to execute specific and unique cybersecurity tasks whenever you need them — and deliver results within hours. This new approach to executing targeted security operations tasks will fundamentally change organizations’ approach to cybersecurity by providing on-demand access to this highly skilled community of security researchers.

During my time at Synack, I’ve seen firsthand how the Synack Operations and Customer Success teams creatively engage with the SRT to address a growing range of clients’ security operations tasks, in addition to our traditional vulnerability discovery and penetration testing services.

Now, we are making these targeted security activities directly available to every organization in the form of Synack Campaigns, available through the new Synack Catalog, also launching today on the Synack Client Platform.

The new Synack Catalog, where customers can discover, configure, purchase and launch Synack Campaigns, is available now on the Synack Client Portal. Please speak with your CSM to have this feature enabled for your organization.

I know from speaking to our clients across multiple industries that security teams are struggling to keep pace with the speed of product development. At the same time, they are trying to scale defenses to meet the complexity and magnitude of today’s threats. Our customers describe challenges with their growing backlog of security tasks such as CVE checks and cloud configuration reviews. On top of all of that, there’s the need to implement industry best-practice frameworks such as OWASP and MITRE ATT&CK. Essentially, customer security teams are struggling with demanding workloads and have asked us for assistance in a number of areas:

  • On-demand access to talented Synack Red Team members who are available 24/7 and capable of completing diverse security operations activities across a growing range of assets.
  • A flexible security solution that can be configured to meet their specific needs in one centralized platform with their existing pentesting insights.
  • A security solution that delivers results quickly (hours and days, not weeks or months) and is aligned with their agile development processes.

Synack Campaigns expands the core capabilities of the Synack Platform, including our trusted community of researchers, an extensive set of workflows, payment services, secure access controls and intelligent skills-based task-routing to provide customers with the ability to execute a growing catalog of cybersecurity operations.

With Synack Campaigns our researchers can augment internal security teams by performing targeted security checks such as:

  • CVE and OWASP Top 10 vulnerability checks
  • Cloud Configuration Checks
  • Compliance Testing (NIST, PCI, GDPR, etc.)
  • ASVS Checks

Synack Campaigns are built to complement our vulnerability management and pentesting services, and help customers achieve long-term security objectives, such as Application Security, M&A Due Diligence, and Vulnerability Management.

5 innovative cybersecurity training methods to try in 2021

Guest Post

By Juta Gurinaviciute, Chief Technology Officer at NordVPN Teams

As much as 88% of data breaches are caused by human error, but only 43% of workers admit having made mistakes that compromised cybersecurity. In the past year a third of the breaches incorporated social engineering techniques, and the cost of a breach caused by human error averaged $3.33 million.

To mitigate the risk, enterprises develop complex cybersecurity strategies and action plans, yet they are insufficient unless acknowledged by every member of their organization. Half of the Chief Information Security Officers (CISOs) plan to extend cybersecurity and privacy into all business decisions and that makes it every employee’s concern. 

With the ever-changing and evolving digital threats, maintaining cyber resistance is no longer limited to IT and security officers and depends on every member of the organization. Constant training is a way to build the team’s resilience against threats, yet it is not uncommon for them to turn into dull PowerPoint sessions, after which few remember the safety measures they should take. The problem is amplified by the workforce operating from home and not subscribing to security policies of the company.

CISOs and other stakeholders can grab employees’ attention by changing the methods of the regular cybersecurity training. Those who found training to be very interesting were 13 times more likely to change the way they think about cyber threats and protection against them. Therefore, organizations should seek memorable, entertaining and accessible ways to talk about complicated security matters.

5 ways to make cybersecurity training more attractive

Gamify it. Dull figures slide after slide, myriads of ‘dos and don’ts’ along with knotty safety procedures make the process lethargic. Quizzes, games, prizes and quality time with colleagues will enhance enjoyment and learning. Interactive activities boost engagement and thus yield better results when it comes to teaching staff about cybersecurity. 

Engage in friendly competition. The key element of gamification is competition. However, putting a prompt question within the video lesson or offering ‘innovative’ content is not enough. People are engaged when they have an incentive, be it a prize or pride. Companies should organize monthly, quarterly or yearly competitions to keep a workforce constantly aware of new threats and how to tackle them.

Make it rewarding. Turn the right answer into a badge, a discovered vulnerability into a star, and a year without an incident into a holiday bonus. People expect feedback while participating in a competition, and the reward system is the optimal way to do it. Instead of giving an opinion to everybody in private, security and IT professionals can award the achievements. They also help to track the progress of each employee and take the precautions if necessary.

Turn it into a team effort. Staying protected from breaches and attacks is everyone’s interest. Thus employees should be encouraged to work in teams and solve riddles with their colleagues. In a cybersecurity workshop, for instance, employees can be asked to craft a phishing email. This encourages them to find out more about this criminal technique, to look at the examples of it and thus recognize them at the first glance next time. 

Be understood. For information security professionals, IT and cybersecurity jargon is a native language. Yet for accountants, marketers and many others it’s just meaningless jabber. Make sure to speak clearly and to explain every term in plain language so the relative layman understands and remembers.

These tips also apply when teaching the staff how to use various cybersecurity tools, such as cloud services or VPNs. With people working remotely, many of them face the need to use two-factor authentication or secure connection for the first time as it was readily available by default at their usual workstations. Now they have to care for their and their company’s protection themselves. 

Cybersecurity is no longer a thing only information security and IT departments care about. As many workplaces rely solely on digital solutions which are used by the entire workforce, staying protected against cyberattacks requires everyone’s joint effort. The main notions of data security must be conveyed in an appealing manner.

NCSC reveals role play exercises to keep home workers cyber safe

Stuart O'Brien

Business owners are being urged to help keep their home working staff safe from cyber attacks by testing their defences in a roleplay exercise devised by the NCSC.

The ‘Home and Remote Working’ exercise is the latest addition to the National Cyber Security Centre’s Exercise in a Box toolkit, which helps small and medium sized businesses carry out drills in preparation for actual cyber attacks.

Launched last year, the toolkit sets a range of realistic scenarios which organisations could face, allowing them to practise and refine their response to each.

The latest exercise – the tenth in the series – is focused on home and remote working, reflecting the fact that for many organisations this remains a hugely important part of their business.

Sarah Lyons, NCSC Deputy Director for Economy and Society Engagement, said: “We know that businesses want to do all they can to keep themselves and their staff safe while home working continues, and using Exercise in a Box is an excellent way to do that.

“While cyber security can feel daunting, it doesn’t have to be, and the feedback we have had from our exercises is that they’re fun as well as informative.

“I would urge business leaders to treat Exercise in a Box in the same way they do their regular fire drills – doing so will help reduce the chances of falling victim to future cyber attacks.”

The exercise follows a range of products developed by the NCSC – which is a part of GCHQ – to support remote working during the coronavirus pandemic, including advice on working from home and securely setting up video conferencing.

The new ‘Home and Remote Working’ exercise is aimed at helping SMEs to reduce the risk of data compromise while employees are working remotely.

The exercise focuses on three key areas: how staff members can safely access networks, what services might be needed for secure employee collaboration, and what processes are in place to manage a cyber incident remotely.

Some of the most popular exercises include scenarios based around ransomware attacks, losing devices and a cyber attack simulator which safely imitates a threat actor targeting operations to test an organisation’s cyber resilience.

As part of the exercises, staff members are given prompts for discussion about the processes and technical knowledge needed to enhance their cyber security practices. At the end an evaluative summary is created, outlining next steps and pointing to NCSC guidance.

Exercise in a Box is an evolving tool and since it was launched the NCSC has continued to work on the platform. It has recently been given a new refreshed look to make it even more intuitive for users and soon micro-exercises – ‘bite-sized’ exercises that focus on a specific topic – will be added.

Jonathan Miles, Head of Strategic Intelligence and Security Research at Mimecast, said: “This new NCSC tool is a fantastic measure and will be welcomed universally as the threat of cyber attack continues to rise. In fact, our State of Email Security shows that 91% of UK organisations believe their organisation’s volume of web and email spoofing will increase in the coming year, while 59% of UK organisations have observed an increase in phishing attacks over the last year. It’s important that organisations prioritise cyber security, especially at a time where remote working has become the norm and connecting corporate devices via the home router becomes commonplace. This provides greater opportunity for malicious actors to infiltrate and obtain sensitive corporate data through unsecured home devices, so it’s important that businesses educate their staff on the telltale signs of compromise and the benefits of good cyber hygiene practices.

“Regular cybersecurity awareness education is also key. Our State of Email Security report found 56% of organisations don’t provide awareness training on a frequent basis, leaving organisations incredibly vulnerable. This is supported by further research which found that enterprises that didn’t utilise Mimecast awareness training were 5x more likely to click on malicious links as opposed to those companies that did. Often such training and education exercises may be viewed as burdensome or tedious, but it’s crucial that organisations work to change this perception, and using tools such as these provided by the NCSC and others can significantly help. Our research has identified that awareness training which is fun, interactive, and done in intervals can significantly help with retention, in addition to bolstering cyber defence in depth.”

You can sign up for Exercise in a Box or find out more about it on the NCSC’s website.

McAfee on cybersecurity for the ‘new normal’ while managing the skills gap

Stuart O'Brien

Cybersecurity is now in the midst of an unprecedented challenge. While the scale, complexity and financial impact of data breaches and cyber attacks continue to increase, the pool of skilled professionals to fill security roles is dwindling.

According to research in March from the Department for Digital, Culture, Media and Sport, approximately 653,000 (48%) businesses have a basic skills gap, which means that those in charge of cybersecurity at those organisations lack the confidence to carry out the tasks laid out in the Government-backed Cyber Essentials scheme and do not have external support to do so. 

In practice, this means that almost half of UK businesses are unable to tackle the cybersecurity basics, such as setting up firewalls, storing or transferring personal data and detecting and removing malware. A further 408,000 organisations have “more advanced skills gaps”, covering areas such as penetration testing and security architecture.

Being unable to recruit skilled talent is simply exacerbating this problem, with employers identifying 35% of their security vacancies in the last three years as “hard to fill”.

Security teams are now being tasked with greater responsibility than ever, including getting entire workforces mobilised to work from home efficiently and securely, while battling a changing threat landscape. In light of the challenges they face today, it is more important than ever to take an intelligent, cloud-native approach to endpoint security.

We spoke to Adam Philpott, EMEA president at McAfee, about ways of managing the skills gap without compromising on security…

What can be done to tackle the skills gap issue in cybersecurity?

“To tackle such a complex issue requires both “top-of-the-funnel” intervention and investment from government organisations, but also collaboration across the cybersecurity industry and concrete measures from companies themselves.

“We can try to bring talent in further down the line, for example training employees later in their careers, but ensuring we have more talent available in the first place is essential. That is why nationwide investments in training in the technology sector, such as the establishment of a new UK Cyber Security Council to provide a framework for cybersecurity qualifications, are crucial and instrumental to closing the widening skill gap.

“However, there’s much that individual businesses can do to tackle the issue at their level, including implementing initiatives (whether it’s in collaboration with others in the industry or on their own) to promote greater diversity and attract more talent. For example, at McAfee we are targeting talent from outside of IT and security for many roles – an approach that requires thoughtful support mechanisms for onboarding and ongoing development.”

How much of an impact is a lack of diversity having on the wider skills gap, and how can it be combatted?

“A lack of diversity in recruitment processes, often coming through unconscious bias, means that businesses are missing out on large parts of the talent spectrum. This leads to slower progress in tackling the technical skills gap currently facing the industry.

“Building diverse teams should be a no-brainer for businesses, as doing so has clear benefits – from boosting creativity to achieving greater financial success. Companies in the top quartile for gender diversity are 15% more likely to have financial returns above their respective national industry medians, as well as benefitting from a wider bank of perspectives and expertise to draw on. Above all, diversity in the workforce is attractive to new talent and leads to better problem solving as well as improved service for customers of all backgrounds and perspectives.

“When working to combat the skills gap, companies should aim to weave diversity into every single process, programme and initiative. In practice, this means constantly thinking about different ways to access a more diverse talent pool, such as implementing flexible working practices. Alongside this, it’s important that companies are addressing the problem in the recruitment and interview processes, to ensure that hiring is as fair as possible. For instance, if an organisation is looking to recruit a better balance of men and women, it could change the wording in job adverts to make them more gender neutral or ensure that there is at least one woman on every interview panel making a recruitment decision on a candidate.”

How can organisations ease the burden on stretched IT teams without compromising on security?

“The average IT department manages thousands of endpoints, from desktops to IoT devices and everything in-between. Unfortunately, many security solutions simply dump too much information on stretched security teams and rely on senior analysts to investigate threats. When the skills gap issue is factored in, this can lead to serious holes in an organisation’s security posture.

“During the last few months of Covid-19 and the shift towards remote working, many businesses have been forced to accelerate a process of digitization, which in turn gives rise to two dimensions of complexity. Firstly, the infrastructure complexity that comes with more devices being connected and more cloud services being consumed. All of this needs protecting within the security OpEx envelope.

“Secondly, there’s the security complexity, where a fragmented (or “best of breed”) solution weakens an organisation’s overall security posture. Both of these complexities put an undue burden on talent, exacerbating the ongoing skills gap issue.

“Some businesses look to outsource their threat detection and analysis, but in essence this only shifts the need for experts from one business to another. Rather than take this approach, organisations need to invest in the right cloud-native tools that identify and contain threats, but also help to upskill more junior staff and lighten the load for employees.

“Integrated solutions monitor and collect activity data from endpoints that could point to a threat, providing the visibility and context needed for security personnel to act. By analysing the data to identify threat patterns, its AI-driven response capabilities can automatically remove or contain threats and notify analysts, while the forensics and analytics tools hunt for identified threats and suspicious activities.

“Automation plays a key role here, handling a high volume of low intellect threats, which frees staff up to focus on higher-value work. By trusting in automated investigation, organisations can reduce alert noise and set up processes which enable staff to do more with less. This is vital for the business to maintain a consistently strong security posture, while allowing human personnel to focus on tasks that do more than just keep the lights on.”

Mind the gap: Upskilling cyber security teams

Guest Post

By Matt Cable, VP Solutions Architects & MD Europe, Certes Networks

At the end of 2019, it was reported that the number of unfilled global IT security positions had reached over four million professionals, up from almost three million at the same time the previous year. This included 561,000 in North America and a staggering 2.6 million in APAC. The cyber security industry clearly has some gaps to fill.

But it’s not just the number of open positions that presents an issue. Research also shows that nearly half of firms are unable to carry out the basic tasks outlined in the UK government’s Cyber Essentials scheme, such as setting up firewalls, storing data and removing malware. Although this figure has improved since 2018, it is still far too high and is a growing concern. 

To compound matters, the disruption of COVID-19 this year has triggered a larger volume of attack vectors, with more employees working from home without sufficient security protocols and cyber attackers willingly using this to their advantage.

Evidently, ensuring cyber security employees and teams have the right skills to keep both their organisations and their data safe is essential. However, as Matt Cable, VP Solutions Architects & MD Europe, Certes Networks, explains, as well as ensuring they have access to the right skills, organisations should also embrace a mindset of continuously identifying – and closing – gaps in their cyber security posture to ensure the organisation is as secure as it can be.

Infrastructure security versus infrastructure connectivity

There is a big misconception within cyber security teams that all members of the team can mitigate any cyber threat that comes their way. However, in practice this often isn’t the case. There is repeatedly a lack of clarity between infrastructure security and infrastructure connectivity, with organisations assuming that because a member of the team is skilled in one area, they will automatically be skilled in the other. 

What organisations are currently missing is a person, or team, within the company whose sole responsibility is looking at the security posture; not just at a high level, but also taking a deep dive into the infrastructure and identifying gaps, pain points and vulnerabilities. By assessing whether teams are truly focusing their efforts in the right places, tangible, outcomes-driven changes can really be made and organisations can then work towards understanding if they currently do possess the right skills to address the challenges. 

This task should be a group effort: the entire IT and security team should be encouraged to look at the current situation and really analyse how secure the organisation truly is. Where is the majority of the team’s time being devoted? How could certain aspects of cyber security be better understood? Is the current team able to carry out penetration testing or patch management? Or, as an alternative to hiring a new member of the team, the CISO could consider sourcing a security partner who can provide these services, recognising that the skill sets cannot be developed within the organisation itself, and instead utilising external expertise.

It’s not what you know, it’s what you don’t know

The pace of change in cyber security means that organisations must accept they will not always be positioned to combat every single attack. Whilst on one day an organisation might consider its network to be secure, a new ransomware attack or the introduction of a new man-in-the-middle threat could quickly highlight a previously unknown vulnerability. Quite often, an organisation will not have known that it had vulnerabilities until it was too late. 

By understanding that there will always be a new gap to fill and continuously assessing if the team has the right skills – either in-house or outsourced – to combat it, organisations can become much better prepared. If a CISO simply accepts the current secure state of its security posture as static and untouchable, the organisation will open itself up as a target of many forms of new attack vectors. Instead, accepting that cyber security is constantly changing and therefore questioning and testing each component of the security architecture on a regular basis means that security teams – with the help of security partners – will never be caught off guard. 

Maintaining the right cyber security posture requires not just the right skills, but a mindset of constant innovation and assessment. Now, more than ever, organisations need to stay vigilant and identify the gaps that could cause devastating repercussions if left unfilled. 

Most Urgent CISO Skills 2020: Reporting, Avoiding Burnout, More collaboration

Guest Post

By Jake Olcott, VP of Government Affairs, BitSight

Since the creation of the first CISO role about 25 years ago, the job has changed dramatically. What was once an uncommon position has quickly become standard, with the majority of companies including a cybersecurity-specific role in their C-suites.

As cybersecurity has gone from niche issue to mainstream business concern, the CISO has become more important. And, although many CISOs come from purely technical backgrounds, new challenges have forced them to take on the responsibilities of business leaders.

As a result, the most important CISO skills are not necessarily technical in nature. Business skills like collaboration, communication, and management are just as critical for CISOs as they aim to reduce cyber risk in an increasingly fraught threat landscape.

Here are some of the most important CISO skills for 2020:

Collaboration

Cybersecurity is collaborative. The most efficient team of SOC analysts in the world can’t prevent incidents if employees in other parts of the organisation aren’t trained on good security hygiene. CISOs can’t give their teams the resources they need if their Board and fellow executives don’t understand security challenges and allocate the necessary budget.

Shockingly, however, only 22% of companies say their organisation’s security function is integrated with other business functions.

CISOs in 2020 and beyond will need to build collaboration skills in order to act as ambassadors for the cybersecurity program. Communicating security priorities to other departments and across lines of business or distributed workplaces is a challenge, but gaining their buy-in is essential to maintaining effective security.

Avoiding burnout

CISOs don’t have it easy. 91% of CISOs say they suffer from moderate or high stress, and 27.5% of CISOs say stress affects their ability to do their jobs. CISO burnout is real, and it can create new security risks as well as personal challenges.

Strange as it might seem, one of the most important skills for CISOs is making sure they don’t become victims of burnout themselves.

One aspect of avoiding burnout is stress management. Exercise, meditation, and other stress-reducing activities can be very helpful. However, personal stress management isn’t going to be enough to stem the burnout crisis. CISOs can also consider advocating for policies in their organisations that reduce the likelihood of job stress, such as workplace wellness programs or limiting after-hours email notifications.

Increasing employee engagement 

CISOs aren’t the only cybersecurity professionals at risk of burning out. 65% of SOC professionals say stress has caused them to think about quitting.

As the cybersecurity skills shortage drags on, the most effective CISOs will be the ones who make sure their best employees stay on long-term.

With a 0% industry unemployment rate, the market pressure is on the employer to keep employees happy, not the other way around. That means security leaders must hone their people management skills and keep a finger on the pulse of employee engagement.

There are many techniques for increasing employee engagement, and each CISO will need to figure out what will work best in their own organisation. Some effective techniques include:

  • Increasing the frequency of employee/manager meetings
  • Giving employees several avenues for giving feedback, including anonymous suggestions
  • Adding more social time to the schedule, or hosting company-sponsored parties or group activities
  • Recognising high-performers with awards and prizes

Communication and reporting 

When reporting to the Board, other executives, or even third-party auditors, CISOs need to make sure they get the messaging right.

One of the most important CISO skills is being able to translate complicated technical concepts into easy-to-understand language. When others can actually wrap their minds around the challenges of the cybersecurity program, they’re more likely to buy in and provide support.

On a basic level, CISOs can improve their communications by avoiding information-dumping and scare tactics. Turning in a 100-page report full of metrics the Board doesn’t understand isn’t useful. Similarly, warning of worst-case scenarios can backfire when it creates a reactionary approach to security.

Further, CISOs should take a risk-based approach to cybersecurity reporting. In practice, that means making sure KPIs contain context about the actual risk posed to the organisation. In addition, CISOs should understand each data point’s impact on larger business KPIs and objectives.

Following a risk-based approach to reporting can help CISOs demonstrate the effectiveness of their programs, advocate for new initiatives, and improve overall security.

UK police team up with Cisco for cyber security training

Stuart O'Brien

Cisco Networking Academy has announced plans to team up with the UK’s police force in a bid to make the country’s cyber space a safer environment.

The initiative will see officers all over the country trained in best cyber security practices and has been described as a ‘pivotal partnership’.

As well as sharing its expertise in the field of cyber security, Cisco will also be running scalable and accessible programmes for police officers, of whom the company revealed there are at least 12,000 across England, Scotland, Wales and Northern Ireland currently maintaining the safety and security of online and offline worlds.

“We are very pleased to be working with Cisco Networking Academy. By joining the programme, forces can access training designed to raise awareness and increase their understanding of cybercrime and cyber threats, while also gaining insights into the procedures used to defend networks,” said Andy Beet, National Police Chiefs’ Council, Data Communications Group, Futures Lead. 

“It’s important for all police officers to understand cybersecurity as fully as possible; by doing so they can develop their knowledge in this increasingly important area, improving security in both their professional and personal lives,” Beet concluded.

Reading is UK’s top destination for cybersecurity professionals

Stuart O'Brien

A new study has revealed the top UK cities for those working in the cybersecurity industry, measured against criteria of salary levels, affordability, job availability and sector growth potential.

Reading came out top of the rankings, followed by Leeds, Cardiff, Edinburgh and Manchester, according to data pulled together by cyber security training outfit, Crucial Academy.

The research makes for interesting reading (no pun intended) against the backdrop of the perceived skills gap within the UK’s cybersecurity community, and beyond – the Information Systems Audit and Control Association (ISACA) estimates a global shortage of 2 million cyber security professionals by 2019, according to the UK House of Lords Digital Skills Committee.

In August, research from Databarracks revealed only 56 per cent of UK firms believe they have sufficient cybersecurity skills in-house to deal with the numerous threats they are facing.

Databarracks questioned over 400 IT decision makers in the UK as part of its 10th annual survey in order to understand their views on a series of issues relating to IT security and business continuity.

And 12 months ago the UK Government said it was “acutely aware” of the need for more skilled cyber security professionals working within the sector, and that it was embarking on a series of initiatives to help promote the profession.

Discussing the concern with members of UK technology industry body TechUK, Matt Parsons, head of cyber security skills at the Department for Culture, Media and Sport (DCMS) said at the time: “We are looking at a number of ways to retrain people who are interested in moving into the industry at pace and at scale.

“Using what we have learned, we are planning to scale up and look at how we can support the cyber security industry – and get more people in at a quicker rate.”

Neil Williams, CEO of Crucial Academy, said: “The cyber security skills gap is a growing issue across the UK. Every city in the ranking is a tech hub within its own right, however, it is fascinating to see which cities, based on these factors, may be more attractive to the much-needed talent pool of cyber security professionals.”

Tom Marcus, an MI5 veteran who works with Crucial Academy, said: “Cyber security is one of the most serious issues UK business faces today. For young people leaving education, ex-military people looking to transition to civilian life or those looking for a career change, there is no career more Brexit-proof than cyber security.”
