What makes a good cyber security consultant? As cyber-crime rises, it seems every IT person is now a cyber security expert. However, with so much information floating around, how do you separate the wheat from the chaff? Well, Unleashed is here to help you decide.
As we have said many times in various posts over the last year, cyber security is a science. The sad part, though, is that most IT people do not fully understand it and most IT sales people certainly shouldn’t be selling it. We say that simply because they are not qualified to conduct such a serious technical consultation. So, with this in mind, we ask again: what makes a good cyber security consultant?
Now, we will try to give you a few pointers to make your choice of an IT Security Partner easier.
1. Qualifications
Cyber security, as I have already mentioned, is very technical. As the cyber criminals become more enterprising and cunning, it is very difficult to keep ahead of them. For this reason, your cyber security consultant needs to fully understand what the threat landscape is and, more importantly, how to ensure you are taking maximum mitigating steps to protect your business.
Recommended standards.
Certified Information Systems Security Professional
2. IT Experience
How can you consult on cyber security if you do not have the correct industry experience? For this, we would recommend that the cyber security consultant has been IT trained. They must understand networking, software applications, storage, cloud and firewalls. Without this knowledge, how can they help you to secure your IT systems? More importantly, they must make them safe against somebody who knows the inside/outside and backside of a computer operating system! The average computer hacker is 16 years old and has probably spent at least 4 years ripping computer operating systems apart. They don’t use Windows but Linux, and from a simple command line can cause havoc. These guys are true computer geeks – I blame EastEnders personally, as it is so depressing it is enough to get me hacking!
3. Commercial and Industry Knowledge
Every company uses IT, and every company needs to protect its IT systems. However, not every company uses IT in the same way, and not every company has the same IT budget. This means you have to have good commercial and industry knowledge. Firstly, commercial knowledge: by having experience of working with different companies in different industries, you get to know what everyone is doing. Some companies are very good and we can all learn from them. However, some are so outdated, and with no IT budget, that it becomes a real challenge to get them to an acceptable level. Secondly, industry knowledge: you have to know what cyber security solutions are available, and at what price point. If your company only sells or recommends one product, how can you be sure that product is right for your customer? In cyber security terms, there are many different levels of security that have different uses and benefits. You need to know all of these and how they will help protect your client – anti-virus is not enough!
4. Your IT Manager should not be your Cyber Security Consultant
In large organisations, you have a CIO (Chief Information Officer) who runs the IT department and a CISO (Chief Information Security Officer) who deals solely in IT security. They do this for a reason: they are two separate jobs. More importantly, the CISO can then check everything that the CIO does from a security point of view. In smaller organisations, this is quite often the job of the IT Manager. This then presents the problem of who is keeping the IT Manager right, and whether he/she is putting in the correct level of security. The sensible IT Manager will work in partnership with a 3rd party IT security company to carry out random security tests on their systems. This then gives that company confidence that they are taking the correct steps to mitigate risk. If you have no IT staff and are completely outsourced, then you are relying on that IT company to do the IT security. This is really a bad idea; you should bring in a security consultant to check on what the IT company is doing.
So, to answer my question, what makes a good cyber security consultant? Basically, you have to cover off steps 1-3 and provide a sanity check on what other people are doing on step 4. Quite often, it is a very difficult position because you are telling people they are not doing enough to protect their business. This is why you engage with a company like Unleashed.
Unleashed has all the experience, qualifications and knowledge to be your Cyber Security Consultant. We will ask the difficult questions, and we will test everything that your IT Manager has done to make sure there are no vulnerabilities that can be exploited by a spotty teenager! Nobody can be 100% secure; just look at some of the big boys that have been compromised over the last few months! But we can ensure you are doing everything to mitigate the risk of such attacks to your business.
And finally, I know most people are sick and tired of hearing about GDPR. But it is happening, very soon, and will affect every business. Some will be affected more than others but you have to start looking at the implications now and not leave it till next year.
To help, Unleashed is offering, for a limited time, free network vulnerability scans to find the weaknesses and help you to plug them before 25th May 2018. To sign up……………….. or contact us on 0333 240 0565.