
The secret to building a future-proof cyber security team


In a post-pandemic digital world, where cyber criminals see a feast of opportunities, what are the secrets to building a world-class cyber security function?
Every business is now a digital business. According to the UK Department of Culture, Media and Sport (DCMS), 96% of UK businesses have “some form of digital exposure”, offering cyber criminals more opportunities than ever before.

From the spectacular breaches that attract global attention to the everyday lapses, the cyber security threat landscape is evolving rapidly, with cyber criminals emboldened to strike at a world which hastily embraced digital technologies. ForgeRock’s 2021 consumer identity breach report revealed a 450% increase in username and password breaches, costing an average of $8.64m, partly attributing this increase to a lack of cyber security preparedness.

It’s a shame, too, because CEOs had been working hard to prioritise cyber security before the pandemic. Some 77% of businesses now treat it as a board-level priority, according to DCMS. But the changes wrought by the pandemic present business and security leaders alike with new challenges, while exacerbating old ones. And perhaps the most persistent obstacle to achieving a sufficiently strong cyber security posture has been building, retaining and scaling cyber security teams themselves.

So, in today’s post-pandemic digital world, where cyber criminals see a feast of opportunities, what are the secrets to building a world-class cyber security function? In my view, the three key elements are attributes, personality types and expectations.

Hire for attributes, not experience

The shortage of staff with highly technical cyber security skills like secure system design is well documented at this point, but something that is often overlooked by cyber security leaders is the importance of hiring for soft skills too.
This is an area where there has been improvement recently – a Tripwire survey found that 21% of respondents rated soft skills as more important than technical skills.
However, it’s still common to find a business trying to build its cyber security team by chasing an elusive unicorn with 15 years’ experience in the one domain they need at that particular moment – for example, DevSecOps or intrusion detection – and not considering the other skills they’ll need in the long term. That hire can be the most talented person in that one domain, but they need enough of that work to keep them busy and/or passionate, which is difficult in the fast-moving world of cyber security.
And hiring for the business today does not equate to success tomorrow. Technology changes, threats evolve and your cyber security tech base falls in line. Today’s technical standards will soon be out of date, so the most important attribute is the ability to problem-solve and adapt, so that team members can respond to and overcome new challenges.
How can you keep someone happy if you’re fitting them into an attribute rather than a skill-shaped hole? Ground your hiring within a three- to five-year roadmap. For example, if you are hiring a cyber security graduate, that person won’t want to be in that role for 10 years. It’s up to you to create a plan to grow them professionally.
You should utilise them in projects that will provide additional experience and skills while you’re looking for opportunities to match their existing technical skills to other projects. For example, have them shadow other team members. That’s how you retain talent: with a guided roadmap. And if you really need that single-aspect technical specialist, just hire a contractor rather than a permanent employee.

Be sensitive to personality types

Another area that is often overlooked is emotional intelligence and personality types. This is changing – this year’s F-Secure survey of chief information security officers (CISOs) found that two-thirds understood the increasingly important role of emotional intelligence in helping them navigate the business. This mentality can, and should, apply across the cyber security team as it can fundamentally alter its cohesion.
Making sure you’re forming a cohesive group will help to ensure team members will work well with others. Even if they have the most impressive CV, their way of working could be at odds with the team and may end up upsetting your team balance. No amount of expertise can make up for that damage, so making the right judgement call about how a candidate will fit into the existing ecosystem at the outset is just as important as sizing up qualifications in building an impactful team.
This is where CVs and many interviews are seriously deficient. You get zero insight into someone’s personality reading through a sanitised list of experience or asking them their opinion of a security framework. So use interviews to get behind the veil by asking unusual questions to which candidates are unlikely to have rehearsed answers, to get an insight into who they are. I often ask, ‘What’s your idea of a good weekend?’ to find out about how they prioritise things in life – and their willingness to answer questions honestly.

Be realistic about expectations

Many graduates have been fed inflated ideas about the cyber security job market, creating the risk of a mismatch of expectations versus reality. As a result, it’s up to hiring managers to be clear about what a career actually looks like – at the same time as creating the future development opportunities that will help new employees’ careers progress.
The best antidote to unrealistic expectations is total transparency. Hirers should paint a very clear picture for the candidate of what the reality actually is for new employees, including putting the salary on the job advertisement. In California, companies have to tell applicants the role’s salary band if asked, but I don’t see any point in waiting.
To make sure these are in line with your geography and the seniority of the role, use compensation benchmarks for due diligence. Make sure you discuss salary requirements early in the recruitment process – it’s one of the most common hiring stumbling blocks, so don’t put it off. And combine this early realignment with a genuine commitment to long-term career progression, so even if graduates aren’t getting the glamour they were falsely promised early on, they know there are opportunities for growth.
Businesses can’t afford to have a cyber security team made up of ineffective professionals in this climate – they will be failing before they even start. It may seem obvious, but scaling and strengthening your cyber security team and talent is a fundamental that so many businesses still get wrong.
But by hiring for soft skills, not experience, being sensitive to personality types and being upfront about role expectations, businesses can shore up their defences at a time of elevated risk and equip their teams to adapt for the future.
