Cyber Smart Week 2024 is fast approaching
With Cyber Smart Week fast approaching on October 21, 2024, it's the perfect time to interview Melonie Cole, a former colleague from our Telecom days. Melonie now owns Mindshift, a prominent cybersecurity company based in New Zealand. We both worked at Telecom over a decade ago and we were discussing how different cyber security and information privacy have become. Security of course has its own career path now, and many professionals cross over into this industry either through work, or they make a conscious effort to retrain in Security.
Melonie’s website https://www.mindshift.kiwi/ contains a wealth of useful cyber information so be sure to go over and take a look!
8 Questions.
Background and Career Path
How did you end up in cybersecurity? What motivated you to pursue a career in this field?
Working for a big corporate like Telecom / Spark enabled me to experience different aspects of business. Most roles I had during my 7 years there were IT related but had a very strong communications and training thread. I ended up in the cyber team following a stint working on privacy communications – I thought it would be for a few months but lasted 2 years! My role was to kick-start the cyber security training and awareness programme, drawing on my comms and change management background. Working alongside consultants who had done this before was helpful but once they finished, I was able to take the reins and became part of the awesome cyber team at Spark. I literally knew nothing about security and learned from a great bunch of people who supported the need for staff training and helped me tremendously (Google was also helpful back then!).
Company Overview
Can you tell us about Mindshift and the types of cybersecurity services you offer?
I founded Mindshift in 2018 when I left Spark and saw a niche in the market for bespoke cyber security training and awareness services. While businesses have plenty of off-the-shelf training SaaS, no one offered customised solutions. This is a difficult area to work in as it requires us to get to know our customers, their ways of working and security set-ups. We build strong relationships which is extremely rewarding. Our work can be applied to any English-speaking business, anywhere in the world. We have helped businesses in most sectors – health, banking, manufacturing, energy, aviation, and legal.
Current Threat Landscape
What types of cyberattacks are most common today, and what best practices can organizations implement to protect themselves?
From a human cyber risk perspective, we understand that social engineering (tricking people to part with information / money through different forms of phishing) remains a constant. Cyber criminals are now using AI to create very convincing phishing emails, deepfake voice-cloning and AI-generated picture scams which obviously makes it even harder for people to tell the difference between real and fake.
Businesses need to take advantage of security features within technology such as email warning banners, email filtering, anti-virus so people don’t feel the burden of being the only form of protection against cyber-crime.
Businesses also need to build a good security culture where people feel supported with information about how to stay safe online, where to get help, and when to report a possible security issue – without blame or shame.
Many businesses still do simulated phishing and while there is a place for this, tailored cyber training and ongoing awareness is a critical aspect of helping people keep information secure.
Cyber security training and awareness professional role
What are the daily responsibilities of a cyber security training and awareness professional, and how do they contribute to overall cybersecurity strategy?
Very few businesses in NZ have anyone dedicated to providing this critical component of cyber security. Often training and awareness is given to a cyber analyst who may be able to give it a few hours a week. For a business with around 500 staff, I feel one dedicated training and awareness professional is the minimum. Along with developing training and regular awareness comms, these people provide a vital connection between security operations (who are aware of issues, incidents etc), service desk (who are aware of questions, requests, issues etc) and staff. There is much to learn from working closely with all security staff.
Career path and qualifications
What qualifications and skills are necessary to transition into a cyber security training and awareness professional, and how long might it typically take? Additionally, what is the potential salary range for cybersecurity professionals?
A background in communications or marketing would be very helpful for a cyber security training & awareness professional role, and of course a real interest in security and helping people. Security roles are (generally) well paid but very specialised. There are very few specialised people working full time in New Zealand that do this role.
Other related roles include:
· Junior Security Analyst.
· Security Operations (SecOps).
· Security Analysts (Data).
· Security Incident Response.
· Security Risk, Assurance and Compliance. This includes Governance.
· Cyber Information Security Officer – CISO.
Industry Events
What is Cyber Smart Week, and can non-security professionals gain value from participating?
Cyber Smart Week is run by OwnYourOnline – part of MBIE’s CERT NZ team’s work to raise awareness of cyber security issues for businesses and individuals around New Zealand. CERT NZ receives cyber incident reports, tracks cyber security incidents or attacks, and provides advice and alerts to its customers on how to respond and prevent further attacks. This annual event aims to make New Zealanders more cyber resilient, educate people on typical attacks and raise awareness of the ever-increasing importance of keeping people safe online.
Consult the Cyber Smart Week website:
Future Trends and Staying Updated
How do you see the cybersecurity landscape evolving in the coming years? What strategies do you implement to stay ahead of industry changes?
Connect with industry leaders via LinkedIn, follow their posts and engage with their content. Seek out conferences such as SANS Security Awareness Summit – a great online (or in person) event with leading international speakers. Attend NZ conferences such as Christchurch Hacker Con https://2024.chcon.nz/ and NZITF https://nzitf.org.nz/ to meet peers and other security professionals. And connect with other awareness professionals in NZ, we are a friendly bunch who are happy to share ideas and experiences.
Resources and Learning
Can you recommend any websites, blogs, or security experts that are valuable for IT professionals to follow in order to stay informed about cybersecurity trends and developments?
Relating to cyber security training and awareness, check out -
· SANS Security Awareness.
· Follow Lance Spitzner, Dr Jessica Barker, Perry Carpenter.
· Follow industry leader – CybSafe and use their free SebDB human risk database (it’s amazing).
· Look at OwnYourOnline resources from NCSC.
· NZITF have a mentoring programme.
Question to you: for the cyber professionals out there – where did you start and where has it led you?
Founder & Director | Cyber Security Training & Awareness | Mindshift | Helping people be cyber safe | Digital safety
5 months ago
Thanks for the opportunity to share my thoughts about the ever changing world of cyber Phil Cregeen CBAP. It’s an exciting industry to be part of with many people happy to support those who are keen to dip their toes into the industry. I have been grateful for the time people have given me as I continue to learn every day! Fond memories of my time at Telecom and those amazing people I met during the OpSep Project!