There were more security vulnerabilities disclosed in 2020 (18,103) than in any other year to date – at an average rate of 50 CVEs per day. With threat actors trying out new hacking techniques every day, as well as new network features and tools being regularly released (which introduce new vulnerabilities), it is hard for CISOs to keep up. In an attempt to mitigate these threats, global corporations continue to patch and upgrade systems, but what about patching the knowledge gaps of their staff?
Those in charge of security are frequently so busy maintaining and refining the security standards within their corporation that they have almost no option but to neglect their own well-being and professional development. In such a fast-paced industry, how can security professionals ensure their knowledge is up to date?
Here Matt Roach shares a few tips for global corporations.
- Identify your knowledge gaps: Work out where your knowledge gaps are and acknowledge where you can improve by defining your objectives and industry needs, and determine whether you have the skills to meet them.
- Collaborate with colleagues: Have conversations with your peers – they may not have the technical expertise, but they will be able to tell you the pain points they experience with security, and how it can be improved.
- Keep on training: Ensure you regularly brush up on your technical knowledge through academic courses and completing industry certifications.
- Learn from your team: Hire a diverse talent pool who can provide different perspectives that you can learn from.
- Join an industry trust group: Learn from the experiences of other security leaders and share wisdom within a peer-to-peer network to increase your understanding of cyber security approaches.
- Ensure you are adequately resourced with budget and staff: The ever-present pressures on time and delivery make it all too easy to sacrifice the investment in learning from others. Make your case to the Board to ask for additional team members, so that training is actually possible.
- Lean on vendors and service providers for support: Third parties that you work with will help fill the gaps.
About Matthew Roach - Head of i-4
Matt is Head of i-4 and leads the world's longest-running cyber security leadership community. i-4 is a confidential trust group for chief information security officers (CISOs) and cyber security leaders to find enriching content in order to stay ahead of today's cyber security challenges.
He has led the investigation of some of the most demanding organised crime cases in the UK, operating at the very highest levels of covert policing and latterly in commercial cyber security. He began his career with the Metropolitan Police Service, rising to the Serious and Organised Crime Agency and latterly the National Crime Agency and is a founder of the National Cyber Crime Unit. Matt led the National Cyber Crime Unit's Tactical Industry Partnerships Team to many operational successes, collaborating with global law enforcement and private sector partners.