Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

2-sec "A Day in the Life of a Cyber Security Professional" Interop London June 2015

492 views

Published on

Tim Holman, CEO of 2-sec, presents his average day including work on data breaches, penetration testing and security audits. He also discusses the skills gap in the information security industry and how ISSA-UK is attempting to coordinate training across the industry to improve the problem.

Published in: Technology
  • There is a useful site for you that will help you to write a perfect and valuable essay and so on. Check out, please ⇒ www.WritePaper.info ⇐
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

2-sec "A Day in the Life of a Cyber Security Professional" Interop London June 2015

  1. 1. A Day in the Life of a Cyber Security Professional Tim Holman, CEO of 2-sec 18th June 2015
  2. 2. Focus on: • Typical day to day activities as CEO of 2-sec. • The highlights (and lowlights) of my cyber security career. • How to develop YOUR career as a cyber security professional. • How can the ISSA created Cyber Security Career Lifecycle™ help?
  3. 3. Tim Holman, CEO 2-sec • 20 plus years security experience in Cyber security including: – auditing – penetration testing – credit card security – ethical hacking – training – incident response • Awarded Microsoft MVP Security in 2004, 2005 and 2006 • Director of the ISSA International Board, Fellow of ISSA and Previous President of ISSA-UK
  4. 4. What do I do all day!? • Work in a multi disciplinary team across the South of England. • Help many different types of UK businesses from SMEs to large conglomerates. • All market sectors, including retail, financial, professional services hospitality. • Penetration Testing, Audits and Assessments, PCI DSS, CISO, Physical Security and Training.
  5. 5. What do I do all day!? • Most of my time is ADVISING existing and new clients. • Also responsible for projects including: – Security assessments including pen testing/physical – Card security – Auditing companies to gain industry compliance e.g. PCI DSS. – Incident Response Planning • Disaster management during data breaches. • Managing ISSA. • Each day is different.
  6. 6. Highs and Lows of my Career Highs (or the good bits) • Recognition • Making a difference • Helping others • Defeating cyber crime Lows (or the bad bits) • Box tickers • Some vendors • Sales guys • Bootcamps
  7. 7. Why are we successful? • Experience of our consultants who are KNOWN to be experts in their fields. • Experience in many different sectors. • Our commercial understanding. • We communicate well with our clients. • We provide simple, cost effective solutions in non technical language.
  8. 8. Cyber Security as a Profession • Over 50 different career types within cyber security. • Reports of 300,000 and 1,000,000 current cybersecurity positions are vacant. • Demand is expected to rise as public, private and government sectors face unprecedented numbers of cybersecurity threats. • The lack of cybersecurity talent can be an organization's biggest vulnerability, exposing it to serious risk.
  9. 9. Problems with the Profession • The Information Security profession has developed largely in reaction to threats. • Now we are paying the price with an enormous gap of skilled professionals and an entire “missing generation.” • No synergy around defining cyber security roles; e.g Network Security Analysis in USA may not have same responsibilities as those working for other countries.
  10. 10. The profession has developed in REACTION to threats Somebody is trying to get in – stop them Somebody got in – find out what they did How do we stop somebody from getting in? Stop them at the border with firewalls, then with intrusion prevention/detection • General IT support staff (system managers, networks, operators, etc.) • Security Analysts • Network Security Engineers Locking down systems to prevent further damage and retrace the steps • General IT support staff (system managers, networks, operators, etc.) • Security Analyst • Network Security Engineers • Forensic Analysts • Cyber law enforcement • Cyber legal council Locking down systems and building the defense in layers • General IT support staff (system managers, networks, operators, etc.) • Security Analysts • Network Security Engineers • Forensic Analysts • Cyber law enforcement • Cyber legal council • Security Architects • GRC Specialists • Secure Code Developers
  11. 11. There really IS a problem • Our reactive development has not allowed for: • Developing a professional career map. • Building what we need to be proactive. • “next generation”. • Well rounded skill sets. • Our industry has taken a knee jerk reaction: • Tremendous push by governments to fill the gap through formal education programs. • New training and education programs are popping up everywhere. • No collaboration between entities or countries. • No “voice” speaking for the profession/professional.
  12. 12. The Cyber Security Career Lifecycle™ The CSCL is a systematic approach that: • Enables professionals to discover the areas of weakness. • Defines personalized career map. • Provides guidance, resources, and a support system to achieve skills and career goals. www.issa.org/cscl
  13. 13. What is the CSCL? The CSCL is a systematic approach that: – Enables professionals to discover the areas of weakness in their skill sets and aptitudes. – Defines personalized career map according to the individuals knowledge, skills, aptitudes and interest. – Provides guidance, resources, and a support system to achieve skills and career goals.
  14. 14. The Cyber Security Career Lifecycle™ Pre- Professional Entry Mid- Career Senior Leader
  15. 15. Understand your career! Self -Assessment Knowledge, Skills, Aptitudes Career Mapping Personal Guidance
  16. 16. Understand your career! Understand where you currently are in your career • Career Mapping • Self assessment using KSAs ISSA resources to strengthen & grow • Knowledge sharing • Formalized training • Networking • Mentoring Direct feedback for new services
  17. 17. ISSA Career Progression Continues… • Focus on the “missing generation” • Meet-ups (virtual & in person) • Mentoring • Continuing support of all phases • Journal • Webcasts • International Conference/ CSCL Tracks • New service development using CSCL phases • International Consortium for Cyber Security Education and Professional Development (ICCE&PD)
  18. 18. Thank you very much! STAND BH514 tim.holman@2-sec.com 0844 502 2066 @2_secure www.2-sec.com Any Questions?

×