The European Cyber Resilience Act

The European Cyber Resilience Act

On 15 September 2022, the European Commission published its proposal for a new Regulation that sets out cyber security related requirements for products with “digital elements”, known as the proposed Cyber Resilience Act (the CRA).

Hardware and software products are increasingly subject to successful cyberattacks, leading to an estimated global annual cost of cybercrime of €5.5 trillion by 2021. The CRA introduces common cyber security rules for manufacturers, developers and distributors of products with digital elements, covering both hardware and software.  The rules seek to ensure that: (i) connected products and software placed on the EU market are more secure; (ii) manufacturers remain responsible for cyber security throughout a product’s life cycle; and (iii) consumers are properly informed about the cyber security around the products that they buy and use.

 

Such products suffer from two major problems adding costs for users and society:

    1. A low level of cyber security, reflected by widespread vulnerabilities and the insufficient and inconsistent provision of security updates to address them.
    2. An insufficient understanding and access to information by users, preventing them from choosing products with adequate cyber security properties or securely using them.

While existing internal market legislation applies to certain products with digital elements, most of the hardware and software products are currently not covered by any EU legislation tackling their cyber security. In particular, the current EU legal framework does not address the cyber security of non-embedded software, even if cyber security attacks increasingly target vulnerabilities in these products, causing significant societal and economic costs.

Two main objectives were identified aiming to ensure the proper functioning of the internal market:

    1. Create conditions for the development of secure products with digital elements by ensuring that hardware and software products are placed on the market with fewer vulnerabilities and ensure that manufacturers take security seriously throughout a product’s life cycle.
    2. Create conditions allowing users to take cyber security into account when selecting and using products with digital elements.

To combat these growing cyber security costs and address vulnerabilities, the Commission notes four specific goals for the Cyber Resilience Act:

    1. To ensure manufacturers improve the cyber security of covered products throughout the whole life cycle.
    2. To create a single, coherent framework for cyber security compliance in the EU.
    3. To increase the transparency of cyber security practices and properties of products and their manufacturers.
    4. To provide consumers and businesses with secure products ready for use.

Torquil Macleod, Director and Founder of Via Resource states, “many of the essential cyber security requirements simply mirror good practice and therefore many companies will not have significant work to do in this regard. The only two complex pieces are:

    1. Working out which type of conformity assessment products may require and producing/updating a raft of policies, procedures and other documentation required by the CRA.
    2. Reporting obligations under the CRA will add burden to companies already facing reporting requirements under data protection law, the NIS Directive and other sector-specific legislation. Reporting obligations placed on distributors and importers may also create tension in the supply chain and during contract negotiations as manufacturers will undoubtedly be nervous about distributors and importers reporting products’ potential vulnerabilities to market surveillance authorities.”

Subscribe To Our Newsletter

What about the UK?

As the UK is no longer a member of the EU, it will not be bound by the new rules.  However, the UK is in the process of passing a similar piece of legislation called the Product Security and Telecommunications Infrastructure Bill (PSTIB).  The PSTIB is currently at the report stage in the House of Lords meaning that the Bill has almost completed its legislative passage.  The PSTIB includes a power for the Secretary of State to specify security requirements relating to relevant connectable products and places obligations on manufacturers, importers and distributors about those security requirements.  Sanctions for non-compliance with the PSTIB are similarly high, up to the greater of £10 million or 4% of worldwide revenue over the most recent complete accounting period.

The Regulation will impact a broad range of parties in the technology supply chain, who should consider how the additional cyber security requirements will impact their manufacturing and distribution processes. Whilst most of the obligations will come into effect 24 months after entry into force, manufacturers will only have twelve months to comply with the CTA’s reporting obligations. 

Penetration Testing in 2023: Key Trends and Challenges

Penetration Testing in 2023: Key Trends and Challenges

As enterprises start preparing to put the chaos of 2022 behind them and focus on 2023, It is imperative to understand one aspect that cannot be “put behind.” Penetration Testing remains a fundamental aspect that organisations should not overlook. Nobody can predict how cyber security will evolve since it is continuously changing, but some trends are becoming more apparent soon. Here are some new trends that are probably going to be more common in 2023.

Penetration Testing Trends

1. Remote and hybrid work culture

Remote work culture has enabled flexibility for the employees and organisations with a positive impact on productivity, however, it has increased the need for cyber security teams. Scanning all networks, including the company’s laptop and mobiles that are in different locations. This opens multiple entry points for the malicious threat, if they penetrate through one device; the whole network is compromised.

2. Penetration testing tools

The use of manual as well as automated tools in penetration testing has significantly increased recently. Every organisation uses at least one such tool. These tools can cover a broad range, including SQL injection, port scanning, password cracking, and more. You can carry out complete Web Application Pen testing with the help of pen testing tools. Most respondents who use these tools say that comprehensive reporting is the primary feature they would like to have in pen testing tools.

3. Penetration testing is becoming Artificial Intelligence (AI)-Centric

Artificial intelligence (AI) can counteract attacks or cybercrime by determining patterns of behaviour that indicate anything extraordinary or unusual may be taking place. Significantly, AI means this can be done in systems that require coping with hundreds of events taking place each second, which is usually where cyber criminals will try to strike. It is the predictive powers of AI that make it so constructive here, which is why more and more enterprises will be investing in these solutions as we move into 2023. These attackers are also using this technology to make their attacks more sophisticated and lethal for your IT system. It sometimes becomes difficult to identify such attacks, let alone mitigate them. You can counter this situation by adding enough AI algorithms to your penetration testing process which can help to determine critical cyber security risks.

4. Inclusion of machine learning

Machine learning can potentially make all cyber security processes more proactive, including Web Application Pen testing. It makes the process simpler, more effective, and less expensive. Integrating machine learning algorithms into the pen testing processes can help forecast and react to active attacks in real time. Implementation of ML techniques becomes easier every next time as it learns from the previous execution and will take less time in every consecutive test.

5. Rising ransomware threats through Crypto

Ransomware is increasing in frequency and has the potential to cause damage like never before. It involves cryptography techniques to seize data and online assets of the organisation until the ransom is paid. The ransom is in the form of untraceable cryptocurrency. Phishing is typically used to deploy ransomware to trick the victims. User awareness along with updated penetration testing techniques is what you need to mitigate these threats.

6. Cloud-Services Attacks

Both remote and on-site workplaces now lean heavily on every cloud service. Remote work has enhanced cloud security concerns, yet the threats transcend beyond the move to distributed employees. Threats count API vulnerabilities as well as traditional software issues. Flaws in the configuration as well as integration, counting authorization, and authentication, of one cloud service, can bring about broader issues. For instance, cyber attackers are leveraging vulnerable PaaS (Platform as a Service) products to extend the reach of their ransomware or malware. The rewards of the cloud are sometimes enough to outweigh the threats. Using a programmatic approach, a company can reduce the threats of increasing cloud operations and build a foundation for a safe and sound future.

7. The Rising Threat of Ransomware

The new research by PwC revealed that technology executives anticipate increasing ransomware attacks in the year 2023. Ransomware usually includes infecting gadgets with a virus that locks files away behind firm cryptography and threatens to demolish them unless a ransom is paid, generally in the shape of untraceable cryptocurrency. On the flip hand, the software virus may terrorize publishing the data publicly, leaving the company liable to massive fines.

Ransomware is naturally deployed via phishing attacks – where workers of an organisation are tricked into offering details or clicking a link that downloads the malware or ransomware software onto a system. But, currently, a direct infection via USB devices by folks who have physical access to gadgets is becoming ever more common. Education is a highly effective means of tackling this risk, with research revealing that employees who are aware of the threats of this kind of attack are nine times less likely to fall prey.

Subscribe To Our Newsletter

Penetration Testing Challenges

Core Security, Penetration Testing Report shows significant challenges when asked about their top security concerns:

    • Phishing (80%)
    • Ransomware (68%)
    • Misconfigurations (57%).
    • Password quality (55%)

Ransomware: an urgent concern

A paramount concern in 2023 is ransomware, which has dramatically increased, as ransomware attacks were primarily initiated using phishing emails. According to research from the Malware Report, the average ransom from these attacks was $220,298 with the average cost for data recovery and malware removal due to a ransomware attack being $1.85 million globally.

The Impact of remote work

The last two years have dramatically impacted work dynamics, with companies worldwide announcing a permanent move to remote or hybrid models. Security professionals see new challenges and a shift in priorities, where IT departments cannot verify how users manage their home networks, potentially opening them up to outside threats. Cyber security professionals can identify and account for vulnerabilities by running more network security tests.

Use of penetration testing tools

The Penetration Testing Report saw all respondents use at least one tool or software to perform their tests, including SQL injection, port scanning, password cracking, and more. As such, security professionals tend to leverage various tools to ensure their needs are covered.

Most respondents (78%) use free and commercial pen testing tools with free open source tools only 11%, showing that organisations have devoted a budget to necessary software to keep their data and networks safe.

Penetration Testing is integral

Penetration testing remains a crucial aspect of organisation’s security strategy, where businesses have increased their security budget, recognising and responding to the increase in threats. Leveraging the right tools along with regular and thorough penetration testing is the best way to ensure a reduction in security risks for organisations and their end-users.

 

Nobody knows what the future holds for cyber security, and several verticals are still working out how to safeguard their networks amid the pandemic’s uncertainty and confusion. But these recent trends and challenges give us a sight of what we might be expecting in the upcoming years. IT security administrators, software developers and penetration testers will be in heavy demand for decades to come.

 

Information and Cyber Security 2022 wrap up

Information and Cyber Security 2022 wrap up

Last year we dived into five predictions on how 2022 will pan out, below we will go through these trends to see how these planned out.

1. Ransomware

We predicted an increase in ransomware, where it is still seen ransomware attacks are amongst the top growing threats in the cyber security industry. The damage they can cause to a business is immeasurable, effecting the organisation financially, the reputation, and the operation of the business. With 91% of security leaders are now regularly reporting on ransomware to the board.

In the UK, Gov.uk has shown in 2022, 39% of businesses have identified a cyber-attack, which remains the same in 2021. However, it is suggested that less cyber mature organisations in this space may be underreporting.

The Sophos State of Ransomware Report 2022 delves into ransomware statistics specifically and found that UK organisations managed to block 43% of ransomware attacks before data was encrypted, this was above the average of 35%. For successful attacks, around 13% of companies went ahead and paid the ransom demanded by cyber criminals. This was below the global average (26%). While only a small portion of companies paid the ransom, ransomware attacks can still be very expensive to fix. The average cost for UK organisations was $1.08 million. However, this is still a substantial decrease from the $1.96 million reported in 2021.

We have dived in with some of the recent cyber-attacks and threats that CISOs need to key a close watch on for the remaining part of 2022 and beyond.

2. Cyber Insurance

Cyber insurance is crucial for enterprise risk management, but it’s quickly becoming unaffordable, just as we predicted. Premiums are increasing rapidly, and new research shows that 82% of insurers believe that prices will continue to rise for the next two years.

Panaseer’s 2022 Cyber Insurance Market Trends Report, saw the largest ransom pay-outs by insurers in the last two years average £3.26m in the UK and $3.52m in the US. Increasingly sophisticated threat actors and costly ransomware attacks are having the biggest impact on rising premiums. 89% of insurers believe it would be valuable to have direct access to customer metrics and measures proving the status of their security controls.

3. Cyber Workspace

The US ranked number 1 for the foremost number of coworking areas globally (3,762), with the UK being third (1,044). Where it is predicted five million individuals would be using coworking areas by 2024, and 13% of businesses outside the US are using shared workspaces in 2022. However, it is hard to determine how many security breaches have arisen from coworking spaces.

Working from home: Remote work has increased the average cost of a data breach by $137,000, Email phishing attacks were the most common source of data breaches while working from home (48%).

Subscribe To Our Newsletter

4. IoT Security

There has been an increase in IoT technology, where in 2021 there were more than 10 billion active IoT devices, and in 2030 it is predicted to surpass 25.4 billion. By 2025, it is predicted that 152,000 IoT devices will be connecting to the internet every minute.

Ring (An Amazon-owned company) had two incidents, once for accidentally revealing user data to both Facebook and Google via third party trackers embedded into their android application. Secondly due to an IoT security breach where cybercriminals successfully hacked into several families connected doorbells and home monitoring systems.

IoT devices carry a lot of vulnerabilities with the lack of computational capacity for built-in security and have a limited budget for developing and testing secure firmware. Where IoT has evolved rapidly over recent years, connecting technology, driving business insights, powering innovation, and improving people’s lives. But IoT solutions become more prevalent in society, cyber criminals have found new opportunities to exploit the lack of built-in security currently associated with IoT devices.

5. Job Market

Over the past year, the demand for cyber security professionals has increased by 60%. Many industries seeing an acceleration in digital transformation and remote working, resulting in an increased risk of cyber-attacks. However, most cyber security decision-makers are struggling to recruit due to a shortage of skilled professionals, according to new research. 60% of organisations also admitted they have been struggling with finding cyber security talent, and 52% reported difficulties with retaining employees. Meanwhile, seven out of 10 leaders worldwide say hiring women and new graduates are among their top three challenges.

Tor Macleoad, Founder at Via Resource states “Employers and recruitment agencies consider the cyber security labour market an increasingly candidate-driven market, with a greater average number of vacancies per firm this year, and a greater proportion of these vacancies being hard to fill.”

Cyber Attacks 2022

Cyber Attacks in 2022

Here at Via Resource, we monitor the reported cyber security statistics and trends that are impacting the digital landscape. Unfortunately, despite global efforts, every subsequent year the numbers get worse and show that we are far from being able to mitigate and contain the numerous cyber-threats targeting both the industry and government.

The latest cyber security breaches survey 2022 by Gov.uk has revealed that 39% of UK businesses identified a cyberattack in the last 12 months with the most common threat vector was phishing attempts (83%). With average estimated cost of all cyber-attacks of £4,200 with only medium and large businesses the figure rises to £19,400.

Below we dive in with some of the recent cyber-attacks and threats that CISOs need to key a close watch on for the remaining part of 2022 and beyond.

Crypto.com

Cryptocurrency is big business, so it’s no wonder that Crypto.com was subjected to a serious breach at the start of 2022. The attack took place on 17th January 2022 and targeted nearly 500 people’s cryptocurrency wallets.

Despite the blockchain being a relatively secure transaction method, the thieves used a simple method to get the job done: they bypassed the site’s two-factor authentication and stole $18 million of Bitcoin and $15 million of Ethereum.

Initially, Crypto.com described the hack as a mere “incident” and denied any theft but clarified the situation a few days later and reimbursed the affected users.

Microsoft

Computing giant Microsoft is no stranger to cyberattacks, and on 20th March 2022, the firm was targeted by a hacking collective called Lapsus$. The group posted a screenshot on Telegram to indicate that they’d managed to hack Microsoft, and in the process, they’d compromised Cortana, Bing, and several other products.

The hackers made off with some material from Microsoft, too, but by March 22nd Microsoft announced that they’d shut down the hacking attempt promptly and that only one account was compromised.

Microsoft said that no customer data had been stolen, and Microsoft undoubtedly benefitted from its effective security team – the Lapsus$ group has previously targeted Nvidia, Samsung and plenty of other companies, and the politically-motivated group was already on Microsoft’s radar.

Red Cross

Red Cross (the charity) was attacked in January 2022. An attack on a third-party contractor saw more than half a million records compromised – including documents that the Red Cross classed as “highly vulnerable”.

Ultimately, thousands of people had their sensitive data stolen, and most of the victims are currently listed as missing or vulnerable. The Red Cross took servers offline to stop the attack and investigate this seemingly political breach, but no culprit has been identified.

Subscribe To Our Newsletter

Key Findings

Key findings highlighted in Proofpoint’s 2022 Human Factor report include:

  • Cyber criminals recognize that our smartphones contain the keys to both our personal and professional lives. Smishing attempts more than doubled in the US, while in the UK over 50% of lures were themed around delivery notification. In addition, cyber criminals initiated more than 100,000 telephone-oriented attacks a day.
  • High-privilege users are disproportionately targeted. Managers and executives make up only 10% of overall users within organisations, but almost 50% of the most severe attack risk.

Cyber criminals continue to capitalise on global conflicts. Earlier this year, threat actors and APT groups aligned with national interests including Russia’s invasion of Ukraine. Plus criminals exploited the pandemic to attack vulnerable people; phishing, online scams and the spread of fake news became an ideal strategy for cybercriminals seeking to sell items they claim will prevent or cure COVID-19.

Networking as a cyber security candidate

Networking as a cyber security candidate

Active networking is vital to career growth, helping build long-term relationships and a good reputation over time. It involves meeting and getting to know people who you can assist, and who can potentially help you in return. However, the reality is that it doesn’t come naturally to many people.

A good rule of thumb is to plan and have a few relevant points of discussion in mind if you know you’re going to be in a situation where you’ll have the opportunity to meet new people. These conversation points – can be about what you do, your hobbies, or the event you may be at. The idea is to get the conversation flowing and leave room for future meetups and discussions. Plus, don’t forget to bring business cards so you can swap details easily.

Benefits of networking:

1. Advance your career in Cyber Security

Being visible and getting noticed is a benefit of networking that’s essential in career building. Regularly attending professional and social events will help to get your face known. You can then help to build your reputation as being knowledgeable, reliable, and supportive by offering useful information or tips to people who need them.

2. Get career advice and support

Gaining the advice of experienced peers is an important benefit of networking. Discussing common challenges and opportunities opens the door to valuable suggestions and guidance. Offering genuine assistance to your contacts also sets a strong foundation for receiving support in return when you need it.

3. Find a job you love

Professional networking and expanding your contacts can create new opportunities for business, career advancement, personal growth, or simply new knowledge. You never know who might be hiring for your ideal job in Cyber Security, or know someone who is, and the more people you have in your network, the more likely you are to be the first to know when those big job opportunities pop up.

Subscribe To Our Newsletter

4. Strengthen business connections

Networking is about sharing, not taking. It is about forming trust and helping others toward their goals. Regularly engaging with your contacts and finding opportunities to assist them helps to strengthen the relationship. By doing this, you plant the seeds for mutual assistance when you need help to achieve your goals.

5. Get fresh ideas

Your network can be an excellent source of new perspectives and ideas to help you in your Cyber Security role. Exchanging information on challenges, experiences and goals is a key benefit of networking because it allows you to gain new insights that you may not have otherwise thought of. Similarly, offering helpful ideas to a contact is an excellent way to build your reputation as an innovative thinker.

6. Gain a different perspective

It’s easy to get caught up in the day-to-day of your professional realm. By talking to others within Cyber Security or people with expertise in a particular area, you can gain insights that only come from viewing a situation with fresh eyes. Asking for opinions from contacts can help you see things in a new light and overcome roadblocks that you might not have known how to circumvent otherwise.

Do and don'ts of networking:

Do:

    • Think about the right people to network with – and understand when a contact might not be mutually beneficial.
    • Consider both short- and long-term career plans when meeting people.
    • Buddy up with a friend or colleague when getting started.
    • Look into networking courses if you’d like extra help.
    • Attend networking events in your sector and industry.
    • Listen as well as talk and ask questions.
    • Follow up with new contacts by email or on social media after the event.
    • Ask for help only when it’s needed and be prepared to offer help when it’s asked of you.
    • Always thank someone who’s offered you support and keep them updated on your progress.

Don't:

    • Only build contacts for short-term help.
    • Invest your time in contacts who are only out for themselves.
    • Break confidences or divulge sensitive information.
    • Neglect your network.
    • Break contact once someone has given help.

Do recruiters and employers spend only 6 seconds reading your CV?

Do recruiters and employers spend only 6 seconds reading your CV?

You have probably heard that hiring managers and recruiters spend only a few seconds scanning your CV. Industry research by TheLadders states that on average recruiters spend 6-8 seconds looking at your CV before they decide whether you are suitable for a vacancy or not. However, our consultants at Via Resource state that this fact is untrue.

Sam Finn, Director at Via Resource states, “Every role is different, so it’s impossible to gauge how long a particular company or recruiter will spend on your resume. Your CV does need to stand out from the crowd, as it must survive the initial scan for the suitability, whether that’s six seconds or six minutes.”

James Spear Director at Via Resource comments on the recruitment process for each candidate, “When sourcing candidates for a specific role, any candidates that apply for the role we would read their CV and give them a call. This is to get a better understanding of what they currently do, what they are looking for and how to manage their expectations. If they are not right for the role they applied for we would refer them to other roles that fit their requirements.”

Three most important areas employers look for when scanning your CV

    1. Formatting – this helps to determine how well you’ve organised the information and if it is easy to read allows the employer to find the information they want promptly.
    2. Relevant work history and consistent job titles – this is one of the most important elements to feature, as it determines how long you’ve worked in your current company and understands the responsibilities you fulfil in that role, with also identify if you’re a senior or entry-level applicant.
    3. Educational background & experience – within Cyber Security it is important to have the relevant experience to determine whether you qualify for the position.

If you would like to discuss opportunities available in the Information and Cyber Security industry, please register with Via Resource today where a consultant will contact you to understand your requirements. 

Subscribe To Our Newsletter

What certifications do you need as a modern day cyber and information security professional?

What certifications do you need as a modern day cyber and information security professional?

​With data breaches becoming a critical problem for a growing number of businesses across a wide range of industries, the demand for highly skilled cyber security professionals is on the rise. Since the pandemic, many businesses move online and become more technologically advanced, the issue of information security is only set to increase in priority and those individuals with the right cyber security qualifications and skills are set to succeed.

Graduate entry into cyber security

The career path into cyber security is not fully clear, however graduates typically have two primary routes into cyber security.

    1. Starting in a junior role to build hands-on experience will be an opportunity to build cyber expertise and understand where you fit into the business.
    2. Develop your technical skills through education by undertaking a Master’s degree to gain greater awareness of the cyber security landscape.

Via Resource has set up a group on LinkedIn called Cyber Launchpad where we connect graduates or new entries to cyber security with Hiring Managers completely free of charge. You will also see regular advice and guidance on Cyber Launchpad that you may find useful.

Industries

In addition, organisations are open to bringing new candidates from different sectors, as a varied job experience gives diverse skill set that can make you valuable to an employer — especially in industries where your co-workers have a narrow area of expertise. A broad work experience can benefit you and helps you evaluate a potential workplace with a keener eye.

Cyber security apprenticeships

Another option to break into the industry is to consider a cyber security apprenticeship – an ideal mix of on and off-the-job learning, resulting in a qualification and masses of industry experience.

Subscribe To Our Newsletter

Certifications for a career in cyber security

Certifications are key, to progressing your career and remaining up to date with the latest technologies. Where qualifications also teach you the value of your expertise and build communication skills – crucial if you consider moving from a technical to a managerial role.

There are several well-regarded certifications that you should be aiming for as a cyber-security professional:

    • Systems Security Certified Practitioner (SSCP) – the SSCP is great for professionals just starting in cyber security, this qualification only requires one year’s experience and provides the perfect opportunity for individuals to prove their technical skills and security knowledge.
    • Certified Ethical Hacker (CEH) – the CEH is a popular entry-level cyber security certification that introduces you to the hacking tools and techniques used by real cyber criminals. By familiarising yourself with how hackers think, you’ll be better at fixing vulnerabilities and flaws you might otherwise miss.
    • Certificate in Information Security Management Principles (CISMP) – CISMP is widely regarded as the ‘qualification of choice’ for IT professionals, and is recognised across the UK as an essential first rung on the ladder to a successful career in information security.
    •  
    • Certified Information Systems Security Professional (CISSP) – the CISSP is among the most sought-after certifications in security. Achieving the CISSP certification is a career highlight and is aimed at the top-tier cyber security professionals.

People skills

People skills and the ability to communicate are key within cyber security. Where knowledge of the commercial aspects of the job and of the wider picture outside of IT is advantageous. These skills can be taught through certifications, but most valuable through job training in an organisation.

Sales and Marketing Salary Guide US and EMEA

Sales and Marketing salary guide US and EMEA 2022

How much should you be paying for a Sales and Marketing professional?

In our latest US and EMEA salary guide, we analyse salary data from multiple data sources overlaid with live market information from our own database and advertised job data.

Our salary bandings are constructed as a guide for the US and EMEA marketplace and are only region specific for the US (East Coast, Central States and West Coast). Living costs, travel expenses and commission have not been taken into consideration for each role. If you require data that aligns to your specific requirements (Region, Technology, Clearance level), please let us know.

Torquil Macleod, Founder and Director of Via Resource comments:

“Our report is the perfect US and EMEA salary benchmarking tools for both employers looking to attract the best employees and workers looking for a new job. We have included the most common sales and marketing job titles and want to ensure clients and candidates receive the best experience possible with quality support, advice and guidance.”

Via Resource salary guide covers the following job roles:

    • Major Account Manager
    • Enterprise Account Manager
    • Territory/Regional Sales Manager
    • Commercial Account Manager
    • Channel Account Manager
    • Chief Revenue Officer (CRO)
    • Vice President of Sales
    • Vice President of Channel Sales
    • Chief Marketing Officer (CMO)
    • Marketing Director
    • Demand Generation Director
    • Field/Channel Marketing Manager
    • Channel Marketing Director

Six ways for getting the most out of your recruiter relationship

Six ways for getting the most out of your recruiter relationship

Using a dedicated recruiter at Via Resource for your next career move can provide several benefits in helping you land the role you want. A recruiter can steer you in the right direction if you are unsure of where you see yourself, plus open you up to new roles you may not have considered, which are aligned with your skills and career goals, whilst guiding you to be more selective in the jobs or companies you apply for with having connections in the top FTSE firms.

1. Quicker responses

When applying for a job directly through the hiring company’s website, it can sometimes take weeks before you get a response, which can be frustrating when you’re actively pursuing a new job opportunity. However, when you apply for a job through a recruiter, the turnaround times are often much quicker, where you’ll hear back from them within a few days and progress to the first interview stage quicker. Ultimately, working with a recruiter means you’re more likely to get started with a new job sooner.

2. Recruiter’s knowledge

Our consultants at Via Resource have extensive experience in the Information and Cyber Security market in several different sectors, and this knowledge can be invaluable to you. Our access to a range of clients and sectors gives us a unique insight into the landscape of the jobs market – so make sure you ask questions.

3. Be upfront

It’s not always easy to give recruiters and companies the full picture of who you are. When speaking to your recruiter provide a more in-depth career history, including the reasons for leaving previous roles, your job search so far, and what you earned in previous roles – all help us to build up a bigger picture of you as a professional.

When we know the full picture, we can use this information to your advantage, speeding up the process of securing your dream role!

Subscribe To Our Newsletter

4. Selling your story

The length and complexity of the job application process can vary from employer to employer, where most of the time you’re only given the option to submit your CV and covering letter, which creates less work for you. But the downside to this, it is hard to effectively convey who you are, the experience and skills you’ll bring, and how to bring value to that employer. Where a recruiter will bring your CV and cover letter to life by explaining why your background and skillset are suitable and pitch you as a great candidate for the job. In other words, they’ll sell you to the employer.

5. Support

Job hunting can feel like an isolated experience, but with the help of a recruiter, you won’t be alone. Once they’ve recommended you as a suitable candidate and the employer decides they’d like to meet you, our recruiters go the extra mile during the next steps in the process. By coaching you through the interview stages, specifying what kind of questions will be asked, suggesting how you can best prepare, giving you details about who you’ll be interviewing with and giving you feedback after the interview. They can also suggest improvements for your CV which helps boost your chances of success with future job applications.

6. Ask for help

Let’s not pretend that getting you that new job isn’t going to benefit us as well. Building a relationship and working together for our common goal is a powerful tool in your job search!

With vast experience in placing candidates, our consultants know how the recruitment process works. At Via Resource, we always provide coaching and advice for your application. Where we showcase your talent and skills to prospective employers. Presenting the best version of yourself makes the application process run smoother and is the key to you securing the opportunity you want.

We’re here to support the next step in your career. As one of the first to specialise in Information and Cyber Security Recruitment in the UK, US and Europe, our experienced consultants will work closely with you to understand your experience and skillset, then use their specialist knowledge to match you with suitable roles. We have numerous contract and permanent job opportunities available to apply here.

Webinar: Cyber Corner Is It Time For Change In The Information And Cyber Security Industry

Webinar: Cyber Corner Is it Time for Change in the Information and Cyber Security Industry

In our first webinar Steve Arnold, Senior Consultant at Via Resource and Jay Jay Davey, SOC Lead at Cyberclan, spoke about ways in which the industry can change, what is needed to implement these changes, ways in which to progress through the industry without the need for certifications and how you can use Cyber Launchpad and Cyber Mentor Dojo to get your feet on the ladder and launch your career within Cyber Security (or alternatively if you are a hiring manager, find entry-level talent/graduates). 

 

Overview of topics that was discussed: 

    • Areas that are needed to be changed within Cyber 
    • How we can go about these changes 
    • How Cyber Launchpad and Cyber Mentor Dojo can help 
    • The organic journey through Cyber Security without chasing certifications 
    • How people can transition from other areas of IT into Cyber Security

About Steve Arnold, Senior Consultant at Via Resource

Steve joined the Via Resource team in 2021, having spent the last 4 years working solely in the Information/Cyber Security sector recruiting roles such as Information Security Manager, Security Architect, Security Engineers and Security Analysts.

Steve solely focuses on Operational Security positions for Via Resource and has experience managing the end-to-end recruitment process for organisations nationwide with roles ranging from entry-level to C-Suite.

As well as this Steve gained a National Diploma Level 2 and NVQ Level 3 in Recruitment and is CertRP certified.

About Jay Jay Davey, SOC Lead at Cyberclan

Jay Jay makes Security Operations work for businesses; ultimately, technical security goals are driven by risk management. Therefore, helping provide tangible and cost-effective ways to manage technical risk and help protect the value of your business.

Jay Jay has worked with most modern technological security solutions, including but not limited to EDR, SIEM, DLP, Vulnerability scanners, and more. His expertise in this area help manage technical risk, bring visibility and provide metrics for assurance that your technical security is delivering on promises. In addition, working closely with threat intelligence to help build context to alerts and investigations.

Jay Jay has an open perception of problems and understand that not all problems can be solved with flashy solutions or money but requires careful analysis of process output, procedure outcomes, other metrics, and evidence that could highlight an issue that impacts the business. Opinions are of his own and not the views of his employer.