July 12, 2018
Share this post:
Author: Pelin Nancarrow, Incident Response and Intelligence, IBM Security
The solution to your cyber-security needs might be closer and more readily available than you think.
Barely a week goes by without another industry report highlighting the shortage of cyber-security related professionals in Australia and New Zealand, as well as across the globe. And with the recent changes to the Australian Privacy Act, Notifiable Data Breach, the competition for people with the security skills needed to respond quickly and effectively to a data breach is going to heat up.
Encouragingly, initiatives such as IBM’s new collar approach which, focuses on skills and experience rather than a formal education and degrees, are in place to boost capabilities in this space, but what about addressing your current needs?
After all, cyber threats are very real today – and in reality you can’t afford to wait for the next wave of professionals and graduates to enter the workforce in the coming years.
Take action by identifying those best placed within your organisation to lead your response to increasing threats. So, in addition to finding talent through new hires, look within your organisation to develop cyber skills.
The right person may be right in front of you!
- Curious – they may not be working in the security team now but they are easy to spot. You know the person – the one with a natural curiosity, enthusiastic and highly adaptable, with strong analytical and diagnostic skills. They are eager to dig into technical questions and examine them from all sides. And finally is able to work methodically and is very detailed oriented.
- Brightest – many of the best and brightest people working in security today didn’t come into the field with a 4 year technical degree. Instead of looking for a degree, look at core skills, experience and aptitude.
- Life Learner – security skills can be honed through self-education, internships, and apprenticeships and on the job experience developed alongside peers.
- Re-skilling – with security tools constantly changing – and hacker methods as well – retraining and reskilling are vital. Emphasise certification programs and embed them into education programs.
The cyber security skills you need
IBM has identified several types of “new collar” cyber security roles, organisations require to address and meet their cyber security needs:
- “Ethical Hackers” (also called “pen-testers”) – companies hire people who can “think like a hacker” – to try to find security holes within their systems before the bad guys do. The role requires people with a natural curiosity, and the ability to think outside the box and consider all possible avenues a potential hacker might consider.2. Threat monitoring analyst: These analysts work on the ground in security operation centers to monitor suspicious activity on the network and use tools such as Security Intelligence & Event Monitoring (SIEM) solutions to determine which activities may be true security threats which require investigation. Multitasking, prioritizing and efficient communication skills are critical.3. Cyber help desk analyst: Provides support and instruction when users experience security incidents and events, such as receiving phishing emails or having their systems locked by ransomware.4. Technical writer: Authors manuals and supporting documents for security policies and response plans; this job is a fit for those with strong reading and writing skills, who can interpret technical subject matter and translate it into clear communications for various audiences.5. Security awareness trainer: Trains employees and customers on cyber security basics and recommended practices. They must translate complex, and sometimes scary, cyber information into simple actions and tips that users can remember and implement.
With the global nature and scale of threats, the reality of cyber security is that internal teams will face challenges to detect, protect and respond to every incident. Forming technology partnerships will be essential in staying ahead of these threats. IBM Security, provides global expertise in responding to the world’s most complex attacks and breaches and can help organisations to prepare so as breaches are handled effectively. Rapid change is constant and transformation essential to survival – combining the strengths of your own security team with your technology partners will assist your organisation to respond with speed and precision.
More information? IBM X-Force Incident Response and Intelligence Services