where do i go next?

As a relative rookie in the Cyber Security sector, my initial start has been exhilarating and confusing. You see, ever since I was a youngster I have always had to understand why and how things get done. I am a bit OCD!

Everyone I talk to tells me, Cyber Security is the place to be!

Everyone tells me how much demand versus very little supply of resources there is, but really that’s no better than saying there’s a lack skilled people in IT. To me, Cyber Security sits across the entire Information Technology space and is therefore a huge sector of the market. And so just as in IT, you have to focus on a sector of the market in order to be an expert in what you do, in order to be a success

Where do I focus?

A few years ago, while working in James Caan’s original recruitment business, Alexander Mann I was given a lucky break and handed 10 CVs of people with “Sapp” skills, or at least that’s how I thought it was spelt. Quickly, I learned it was in fact the German software giant SAP that was in huge demand but with little supply of resources. I loved the sound of it; high demand, expensive skills and always handled by the decision makers of companies due to its handling of the key business processes of the large enterprises. Soon after, I built my business over the years with offices in London, Moscow, KL, Cyprus, Nigeria, California and Toronto. I had found my niche resourcing for large consultancies such as PwC, IBM & Accenture and becoming known as the SAP Oil resource guys. It was exhilarating and highly rewarding.

And here I am in a not dissimilar situation – the entire Cyber Security world is demanding skils, but there appears to be relatively few people. As a result, on my table sits an “elephant” and I can’t eat it all at once. So which bit do I eat first? What are the bit size chunks?

Where do we want to be?

I’ve reached a time in my life where it’s all about the relationships we have. Helping great companies do an even better job through process integration and protecting their internal and customer data from the “bad-guys” through the provision of world-class people.

You see, I love people and love helping them achieve their goals. There’s nothing better than understanding where they want to be and doing my part in helping them achieve it.

The Next Steps?

At the end of the day, a good recruitment business needs to be able to supply good people and to find good people you must know what you’re talking about. To have the loyalty of your candidates you must do your bit in helping them achieve their goals.

I am lucky already to have found some amazing talent and wonderful people and they are regarded as some of the best at what they do in their respective spaces. Therefore, it all must begin in finding them the jobs/contracts they deserve. Their skills are diverse, but each one rests at the top of their fields within Enterprise Integration and Security……my chosen sector.

Over the coming days, I must find them the work they want and put in the hours that it takes. I’m excited!

But what is the niche?

The world is a buzz with everyone talking about malware and hackers. Most recently, WannaCry and Petra and everyone I talk to, says it’s going to get worse and worse. The media will hype it further and everyone will be talking about it, but again it’s an “elephant” and so where do I focus?

So far, this is the direction I have been given. What do you think?

User Behavior Analytics: How many times have you read or heard about user behavior analytics (UBA)? Maybe not that often, but my friends in the US keep telling me it’s the place to be. Today the term applies to security managers and auditors but not to security administrators. User behavior analytics enable IT teams to track and analyze behavioral anomalies and monitor watch-lists, trends and many other factors relative to users. UBA is a useful tool for analytics and statistics, but they say we should not confuse it with security.

This type of monitoring is apparently not efficient and should be reserved for specific investigations, not general security?

Think about it in terms of your home. Would you provide free access to anyone just because you are monitoring every room, door and corner in and around your home? Despite the active monitoring, you would not be able to keep the strangers in your home from committing theft or otherwise violating your environment. Of course, you can analyze and identify the source of a violation, but this would make for a weak approach to security.

To continue the analogy, you must know every corner of the house like the back of your hand. How many doors do you have, and which of them are open? Determine where your most precious treasures are located, identify the most critical or vulnerable points and restrict access accordingly. You may be able to identify a thief with UBA, but recovering stolen goods is another story. As a result, is this the niche I should target?

Data Loss Prevention: Enterprise data loss prevention (DLP) has become a key piece of a broader data life cycle process supported by technology, as opposed to DLP simply being another technology buying decision. Any regulatory compliance requirements beyond the most basic of use cases are better addressed through the unified workflow of enterprise DLP products. Enterprise DLP is typically adopted for intellectual property protection, particularly in large multinational organizations. Data visibility and monitoring observed by enterprise DLP products alone do not convey who the riskiest users are in an organization.

It was only the other day, a friend and his amazing brain said that this is the place to be. What do you think?

Internet of Things: But then we have the enormous growth of the extended endpoints, care of IoT. Is this the place to be, with all those at risk SCADA platforms and the new threats of hackers trying to “take-down” our utilities infrastructure?

The Internet of Things (IoT) demands a wide range of new technologies and skills that many organizations have yet to master. A recurring theme in the IoT space is the immaturity of technologies and services and of the vendors providing them. Architecting for this immaturity and managing the risk it creates will be a key challenge for organizations exploiting the IoT. In many technology areas, it is the lack of skills that will also pose significant challenges. As a result, is this my opportunity?

Application Security: and of course, I have to look at my comfort zone and securing the business processes, data and software that served me so well, those years ago. I am told with up to 80% of core business data sitting in here, this is the area in which I must focus . What do you think? Enterprises face multiple issues regarding security as attackers evolve and become more versatile and sophisticated, thus increasing security compliance requirements. In order to address this issue, organizations must implement application security across any crucial enterprise applications that are susceptible to threats. Is this the place to be?

At this stage, who knows?

Long ago, a far more intelligent man than I said to me, “to be a success in this world, merely find out what people want and work hard, go out of your way to give it to them”. That’s my aim, that’s my passion!