The Cyber Security function is slowly being recognised for its importance, but, we are still experiencing a major talent shortage. GDPR (General Data Protection Regulation) will also be effective as of May 2018 which leads to many companies confused about what they should do about it. Which is why we asked CISO of the year, Mike Loginov, about the challenges in Cyber Security and how to overcome them:
What has been the biggest, most recent, Cyber threat globally?
With the growing connectivity and convergence of IT and OT systems through the development of IIoT and IoT the threat platform has dramatically increased – Critical infrastructures and key assets are exposed to compromise and manipulation. Black Energy 2, Havex, Flame, Duqu are all examples of early stage attacks in this space. We can expect to see more of this type of activity and takes the risk beyond a data compromise to more significant consequences.
How has the Cyber Security ‘market’ changed?
Realisation that technology alone is not the answer and that professional motivated adversaries will use more comprehensive and creative tactics to achieve their aims.
Why do you think there is a Cyber Security talent shortage?
Cyber Security is still seen as predominantly an IT discipline. There are clearly defined roles in IT. Cyber is still a relatively immature discipline where roles and responsibilities are still in an evolving state. It can be costly to get the ‘tick box’ certifications at entry.
What is the biggest obstacle on becoming a Cyber Security professional?
Depends on how you define the word professional. Some of the best hackers are self-taught, they don’t have the qualifications that industry would normally associate with the word “professional.” To answer from a more traditional perspective there is a significant cost to taking and maintaining professional qualifications (“the tick boxes”) organisations are increasingly expecting to see.
And how do you overcome that?
There are a growing number of opportunities advertised for Cyber Security professionals however they still lean mainly toward IT security. Recognise that certain roles certifications help but in others it’s a potential hindrance. Look for evidence of skills, expertise, experience and ability to think like your adversary(s).
How can companies overcome the talent shortage?
Support and sponsor educational programmes – university, higher education, offer apprenticeships and self-develop staff. Use the experienced and qualified interim market place to assist with skills transfer.
How can companies best attract cyber talent?
Develop interesting and well paid roles with a clearly defined promotional path and support the ongoing development of skills through the support of continuous CPD training.
What cyber training programmes or courses would you recommend?
Apart from the usual suspects of C|CISO, CISSP, CISM, CISA, CDPO adding GICSP (Sans ICS410).
What advice would you give SME’s on preparing for GDPR?
If you haven’t already done so get started now as there are two roughly 6 month projects that need completing with the deadline for May 2018 looming.
As CISO of the year, what qualities do you feel are most important in a Cyber Security professional?
From the perspective of the CISO role the ability and credibility (Balance of Business, Commercial, Operational, Risk Management and Leadership with an eye on technology) needed to influence the board of directors towards the need to invest and take Cyber Security seriously convincingly champion the fact that it’s not purely an IT issue. Beyond that Cyber Security professionals need to understand how adversaries operate and think (offensive) and then have the creativity to mitigate and develop a resilient posture to protecting the organisation and its clients/staff/stakeholders/shareholders.
Mike Loginov is an experienced CISO and DPO (Data Protection Officer) with more than 30 years working in international cyber, information, data and operational technology. Mike also won the Industry Cyber Security Awards Personality of the Year 2016.