Using simulated disaster management to tackle the security skills gap
With the increasing need for cyber security professionals, organisations are turning to new ways to address the skills gap facing the security sector.
Academic qualifications, such as Cyber Security & Computer Forensics BSc (Hons) and Cyber Security MSc, provide cyber security professionals with the necessary knowledge for their career, but nothing compares to real-world experience when dealing with potential network threats.
There is a line in a Star Wars film: “I should think that you Jedi would have more respect for the difference between knowledge and wisdom.” This is just as true in cyber security, where experience is equally as important as qualifications.
“When you are in a disaster recovery situation, you do not want the new person trying out the wings,” says Bruce Beam, chief information officer at (ISC)².
Unfortunately, the number of cyber security positions outweighs the number of available cyber security professionals. The demand for cyber security professionals has outpaced supply in recent years, due to emerging threats and organisations increasing the amount of business they conduct online.
According to a study, the number of organisations that reported shortages in the cyber security skills of their staff has increased over the past four years. In 2014, approximately 23% of organisations indicated this was a challenge, but this has now risen to more than 50%. Much of this rise has been due to the increasing workload of cyber security teams.
Continuing professional development (CPD) has been used to ensure that skills remain relevant. However, some training is purely academic and offers little real-world experience. “It is not like training someone to be a welder and giving them the basic skillset,” says Beam.
In order to overcome this challenge, organisations are turning to various ways to provide their cyber security interns with the necessary experience to tackle the online threats facing organisations. One way has been through mentoring schemes, where organisations assign an intern to an experienced cyber security professional. Mentoring allows a company to preserve their staff’s experience against retirement and poaching, however a drawback is that it can inadvertently reinforce bias.
Simulated disaster management
Some organisations are turning to simulated disaster management scenarios in order to provide their staff with the experience they need. Just as fire drills are used to assess how personnel respond to a potential incident, simulating critical failures allows organisations to see how their staff respond to such events.
“I always go back to my military training and one of the things we learned was to train like you are going to fight, because you will fight like you train,” says Beam.
Simulations allow cyber security personnel to experience critical failures, without any risk to the actual network or company data. These simulations can vary from disaster recovery scenarios to white hat hackers probing a company’s network defences to see how their IT teams respond to the perceived threat.
“Too many organisations talk about disaster recovery, but never really test it and make sure it is working the way they think it is working,” says Colin Tankard, managing director of Digital Pathways.
source computerweekly
Industry: Cyber Security News
Latest Jobs
-
- 6 month contract Operational Cyber Security - SIEM, Vulnerability, Cyber Essentials + London, Inside IR35
- City of London
- Depending on experience
-
6 month contract inside IR35 Operational Cyber Security London c50% of the role is day to day operations / administration / liaising with 3rd party monitoring suppliers. More though investigations, getting ready for cyber essentials plus. Following up on vulnerability management. 20-30% active monitoring of alerts, tooling etc. 10% reporting / light oversight of junior Experience with Microsoft defender / Azure, Splunk, Tenable Experience in maintaining Cyber Essentials Plus is a big bonus. Knowledge across ISO27001, NIST GDPR required. Inside ir35 need someone in their London (city) office 2-3 days a week.
-
- CONTRACT Fluent French AND English Cyber Security Project manager - 12 month
- United Kingdom
- Dependent on experience
-
Fluent French / English Contactor cyber Security Project Manager needed. Experience in migrating technical cyber services from one physical region to another. Experience with Crowdstrike, Tanium, Palo Alto and or Zscaler ideal or comparable solutions. Language fluency in French AND English is essential. 12 month contract. Looking to start June. Day rate dependent on Experience. Apply today for more details
-
- GRC Security Contractor - Achieve SOC2 Type 1 Compliance - 6 month
- London
- Dependent on experience
-
GRC security practitioner needed to ensure a financial service business to achieve SOC 2 type 1. Experience managing the end to end process is key, you will be the key individual to deliver this within a 6 month deadline. Experience of SOC 2 type 1 / type 2. The gathering of evidence, baseline of 27001, ukdpa, GDPR NIST etc. Looking to interview ASAP.
-
- Contact 12 month- Security Operations- Crowdstrike Falcon Insight EDR / Analyst.
- United Kingdom
- Dependent on experience
-
Security Operations engineer / Analyst with Crowdstrike Falcon Insight EDR experience for a 12 month contract. Experienced Contractor with Crowdstrike Falcon Insight: Endpoint detection and Response (EDR) experience needed - 12 month rolling project. Implementation, configuration and Analyst experience needed with Crowdstrike Falcon Insight: (EDR) Migration project- relocating capability internationally. technically implementing, configuration of that that migration and then transition to BAU role monitoring. DCL Search exclusive associate Project.