i-4's tips on patching the cybersecurity knowledge gap

Matthew Roach, Head of i-4, the International Information Integrity Institute, shares some cybersecurity guidance for global corporations.

There were more security vulnerabilities disclosed in 2020 (18,103) than in any other year to date – at an average rate of 50 CVEs per day. With threat actors trying out new hacking techniques every day, as well as new network features and tools being regularly released (which introduce new vulnerabilities), it is hard for CISOs to keep up. In an attempt to mitigate these threats, global corporations continue to patch and upgrade systems, but what about patching the knowledge gaps of their staff?

Those in charge of security are frequently so busy maintaining and refining the security standards within their corporation that they have almost no option but to neglect their own well-being and professional development. In such a fast-paced industry, how can security professionals ensure their knowledge is up to date?

Here Matt Roach shares a few tips for global corporations.    

  • Identify your knowledge gaps: Work out where your knowledge gaps are and acknowledge where you can improve by defining your objectives and industry needs, and determine whether you have the skills to meet them.
  • Collaborate with colleagues: Have conversations with your peers – they may not have the technical expertise, but they will be able to tell you the pain points they experience with security, and how it can be improved.  
  • Keep on training: Ensure you regularly brush up on your technical knowledge by taking academic courses and completing industry certifications.
  • Learn from your team: Hire a diverse talent pool who can provide different perspectives that you can learn from.
  • Join an industry trust group: Learn from the experiences of other security leaders and share wisdom within a peer-to-peer network to increase your understanding of cyber security approaches.
  • Ensure you are adequately resourced with budget and staff: The ever-present pressures on time and delivery make it all too easy to sacrifice the investment in learning from others. Make your case to the Board to ask for additional team members, so that training is actually possible.
  • Lean on vendors and service providers for support: Third parties that you work with will help fill the gaps.

About Matthew Roach - Head of i-4

Matt is Head of i-4 and leads the world's longest running cyber security leadership community. i-4 is a confidential trust group for chief information security officers (CISOs) and cyber security leaders to find enriching content in order to stay ahead of today's cyber security challenges.

He has led the investigation of some of the most demanding organised crime cases in the UK, operating at the very highest levels of covert policing and latterly in commercial cyber security. He began his career with the Metropolitan Police Service, rising to the Serious and Organised Crime Agency and latterly the National Crime Agency, and is a founder of the National Cyber Crime Unit. Matt led the National Cyber Crime Unit's Tactical Industry Partnerships Team to many operational successes, collaborating with global law enforcement and private sector partners.
