2-sec "a day in the life of a cyber security professional" interop london june 2015
TRANSCRIPT
A Day in the Life of a Cyber Security Professional
Tim Holman, CEO of 2-sec18th June 2015
Focus on:• Typical day to day activities as CEO of 2-sec.• The highlights (and lowlights) of my cyber
security career.• How to develop YOUR career as a cyber security
professional.• How can the ISSA created Cyber Security Career
Lifecycle™ help?
Tim Holman, CEO 2-sec• 20 plus years security experience in Cyber security including:
– auditing – penetration testing – credit card security – ethical hacking – training – incident response
• Awarded Microsoft MVP Security in 2004, 2005 and 2006• Director of the ISSA International Board, Fellow of ISSA and
Previous President of ISSA-UK
What do I do all day!?• Work in a multi disciplinary team across the South
of England.• Help many different types of UK businesses from
SMEs to large conglomerates.• All market sectors, including retail, financial,
professional services hospitality.• Penetration Testing, Audits and Assessments, PCI
DSS, CISO, Physical Security and Training.
What do I do all day!?• Most of my time is ADVISING existing and new clients.• Also responsible for projects including:
– Security assessments including pen testing/physical – Card security – Auditing companies to gain industry compliance e.g. PCI DSS.– Incident Response Planning
• Disaster management during data breaches. • Managing ISSA.• Each day is different.
Highs and Lows of my CareerHighs (or the good bits)• Recognition• Making a difference• Helping others• Defeating cyber
crime
Lows (or the bad bits)• Box tickers• Some vendors• Sales guys• Bootcamps
Why are we successful?• Experience of our consultants who are
KNOWN to be experts in their fields. • Experience in many different sectors.• Our commercial understanding.• We communicate well with our clients.• We provide simple, cost effective solutions
in non technical language.
Cyber Security as a Profession• Over 50 different career types within cyber security.• Reports of 300,000 and 1,000,000 current
cybersecurity positions are vacant. • Demand is expected to rise as public, private and
government sectors face unprecedented numbers of cybersecurity threats.
• The lack of cybersecurity talent can be an organization's biggest vulnerability, exposing it to serious risk.
Problems with the Profession• The Information Security profession has
developed largely in reaction to threats. • Now we are paying the price with an enormous
gap of skilled professionals and an entire “missing generation.”
• No synergy around defining cyber security roles; e.g Network Security Analysis in USA may not have same responsibilities as those working for other countries.
The profession has developed in REACTION to threats
Somebody is trying to get in – stop them
Somebody got in – find out what they did
How do we stop somebody from getting in?
Stop them at the border with firewalls, then with intrusion prevention/detection• General IT support staff
(system managers, networks, operators, etc.)
• Security Analysts• Network Security Engineers
Locking down systems to prevent further damage and retrace the steps• General IT support staff
(system managers, networks, operators, etc.)
• Security Analyst• Network Security Engineers• Forensic Analysts• Cyber law enforcement• Cyber legal council
Locking down systems and building the defense in layers• General IT support staff
(system managers, networks, operators, etc.)
• Security Analysts• Network Security Engineers• Forensic Analysts• Cyber law enforcement• Cyber legal council• Security Architects• GRC Specialists• Secure Code Developers
There really IS a problem• Our reactive development has not allowed for:
• Developing a professional career map.• Building what we need to be proactive.
• “next generation”.• Well rounded skill sets.
• Our industry has taken a knee jerk reaction:• Tremendous push by governments to fill the gap through
formal education programs.• New training and education programs are popping up
everywhere.• No collaboration between entities or countries.• No “voice” speaking for the profession/professional.
The Cyber Security Career Lifecycle™
The CSCL is a systematic approach that:• Enables professionals to discover the areas of
weakness.• Defines personalized career map.• Provides guidance, resources, and a support
system to achieve skills and career goals.
www.issa.org/cscl
What is the CSCL?
The CSCL is a systematic approach that:– Enables professionals to discover the areas of
weakness in their skill sets and aptitudes.– Defines personalized career map according to the
individuals knowledge, skills, aptitudes and interest.– Provides guidance, resources, and a support system
to achieve skills and career goals.
The Cyber Security Career Lifecycle™
Pre-Professional
Entry
Mid-Career
Senior
Leader
Understand your career!
Self -Assessment
Knowledge, Skills, Aptitudes
Career Mapping
Personal Guidance
Understand your career!Understand where you currently are in your career
• Career Mapping• Self assessment using KSAs
ISSA resources to strengthen & grow• Knowledge sharing
• Formalized training • Networking• Mentoring
Direct feedback for new services
ISSA Career Progression Continues…
• Focus on the “missing generation”• Meet-ups (virtual & in person)• Mentoring
• Continuing support of all phases • Journal• Webcasts• International Conference/ CSCL Tracks
• New service development using CSCL phases• International Consortium for Cyber Security Education
and Professional Development (ICCE&PD)
