Special Reports
A special report is content that is edited and produced by the special reports unit within The Irish Times Content Studio. It is supported by advertisers who may contribute to the report but do not have editorial control.

‘A cybersecurity practitioner must adopt a continuous learning mindset, consistently upskilling’

With new technologies, threats and vulnerabilities emerging regularly, knowledge quickly becomes outdated

'While learning the theory of cybersecurity is essential, hands-on experience is equally important for skill development'

The pace of change in the cybersecurity world is simply startling. Not only are the technologies involved advancing rapidly but the ingenuity of the bad actors is growing apace, while the regulatory environment is becoming ever more complex. So how do cyber professionals keep up?

“The cybersecurity landscape is constantly evolving. New technologies, threats and vulnerabilities emerge regularly, so knowledge can quickly become outdated unless it is maintained,” explains Claire Wilson, cyber strategy and transformation director at Deloitte. “A cybersecurity practitioner must adopt a continuous learning mindset, consistently upskilling to stay informed of the latest trends and advancements.”

It’s why it is vital for employers to support staff in maintaining and expanding their cybersecurity knowledge.

“This extends across the entire business, including not only those working directly in cybersecurity roles but also individuals working in IT operations, developers, project managers, legal, risk and compliance, as well as executive leadership,” she points out.

Deloitte places a strong emphasis on learning and development, and management is acutely aware of the importance of keeping its cybersecurity knowledge up to date, she adds.

“Continuous learning is a regular topic on our team meeting agendas. We encourage our team members to develop and grow their skills, supporting them on their individual learning paths,” says Wilson.

Claire Wilson, cyber strategy and transformation director, Deloitte

Among the most respected certifications in the sector is the Certified Information Systems Security Professional (CISSP), a globally recognised accreditation that demonstrates the holder’s ability to design, implement and manage a comprehensive security programme, including risk management, security architecture and incident response. Holders are required to undertake continuing professional development to maintain their certification.

Other respected qualifications include Certified Information Security Manager (CISM) and Certified Ethical Hacker (CEH), the latter of which demonstrates expertise in spotting and securing vulnerabilities in IT systems using ethical hacking techniques.

Courses are available in a mix of online and in-person delivery, with providers ranging from The Knowledge Academy to Kerry College of Further Education and Training, to University College Dublin’s Professional Academy.

Technology Ireland’s ICT Skillnet runs cyber training courses for its members, including Leading in Cybersecurity, a short course, and an MSc in Cybersecurity, a part-time, industry-approved, blended master’s degree.

But while learning the theory of cybersecurity is essential, “hands-on experience is equally important for skill development,” points out Wilson.

“At Deloitte, our teams can grow their skills in lab environments, workshops and practical training sessions. The Deloitte Cyber Academy also provides comprehensive training and certifications specifically designed for junior personnel, facilitating their growth and practical understanding of cybersecurity.”

The company also works with big tech companies to ensure its team members are maintaining their knowledge and developing their specialised skill sets in a variety of cybersecurity tools and techniques.

“We also have various internal training programmes with regularly updated modules covering the updates in threat intelligence, defence techniques and cybersecurity frameworks,” she adds.

Just as it’s important to ensure your business keeps up to speed with cyberthreats in-house, you also need to ensure your suppliers and third-party outsourced providers are equally well protected.

In that respect, seeking out those that hold ISO 27001 certification can provide a degree of comfort, says Sam Glynn of Code in Motion, a cybersecurity and regulatory compliance adviser.

ISO 27001 is a globally recognised standard for information security management systems, and having it demonstrates a commitment to protecting sensitive data.

With supply chain attacks, where hackers exploit a company’s supplier to access their systems and data, as well as social engineering attacks – reportedly the methodology behind Marks & Spencer’s recent cyberattack – on the rise, the standard is set to grow in importance.

At the end of the day, the most valuable cyber training you can get is the one that ensures all your staff are vigilant.

“If you look at the ISO security standards, the majority of the requirements have nothing at all to do with technology. It’s about organisational structure and governance, making sure the board, senior executives, middle managers and people on the ground are all rowing in the right direction,” says Glynn.

“If someone rowing the boat sees a shark in the water, it’s about how they let the person at the top of the boat know, and how the person at the top radios to HQ to say, ‘We’re going to need a bigger boat’.”

Sandra O'Connell


Sandra O'Connell is a contributor to The Irish Times