
5 Women in Cyber security Who Are Reshaping the Industry


According to LinkedIn Insights (March 2023), women are reported to make up 17% of cyber security professionals in the UK and US. Historical obstacles remain for women looking to join or move up in the massive global industry of security. In addition to the large gender disparity in cyber security, women in the field are compensated less on average than men. In 2021, the report also showed 29% of men said they earned between $50,000 and $99,999, while only 17% of women reported the same.

Cyber security needs more women. To build strong cultures of cyber resilience across the globe, employers should prioritise attracting, empowering, and retaining talented female cyber security professionals. Women in or aspiring towards cyber security roles represent an untapped reservoir of potential when it comes to the widening cyber security workforce gap.

Luckily, there are plenty of incredible women creating a path for a more diverse and inclusive industry in the world of security. Below we look at some of today’s most notable women in cyber security to learn how they’re reshaping the industry as we know it.

1. Chani Simms

Chani Simms is an award-winning cyber security leader, director of Meta Defence Labs and founder of the SHe CISO Exec. platform. Chani is a passionate entrepreneur, C-level advisor, vCISO, auditor, Cyber Essentials assessor and specialist in helping organisations implement and manage information security and data protection programs. She has been an information technology enthusiast since the age of 19, and her various experiences and passion for the industry have led her to founding/co-founding new companies and initiatives, becoming a regular public speaker and being listed as one of the 50 most influential women in cyber security.

Impact on the cyber security industry: Founded SHe CISO Exec. to train information security professionals and create emotionally intelligent cyber security leaders.

2. Nicole Eagan

Nicole Eagan is Chief Strategy Officer and AI Officer of Darktrace. Her extensive career in technology spans 30 years working for Oracle and early to late-stage growth companies. Nicole identifies and shapes Darktrace’s strategic plan, leads the Company’s AI vision together with our CTO, and provides product strategy and direction.

Impact on the cyber security industry: Established Darktrace as the global leader of AI cyber defense by developing state-of-the-art AI algorithms that detect never-before-seen cyberattacks.

3. Jane Frankland

Jane Frankland is an award-winning entrepreneur, international speaker and best-selling author. She focuses on business strategy and high performance in cybersecurity and is a world authority on attracting and retaining women in this field. She has been named as the third most influential person in cybersecurity in the UK and a top twenty global influencer.

Jane has over 21 years of experience in cybersecurity, has built and sold her own global hacking firm and served in executive positions at leading cybersecurity consultancies. In addition to managing her own company and parenting three children, she is an awards judge and board advisor. She authors many articles, is regularly featured in the media, and is sought after as a keynote speaker.

Impact on the cyber security industry: Authored ‘In Security: How a failure to attract and retain more women in cybersecurity is making us all less safe,’ and created the IN Security movement – a global community that stands behind a mission to connect, teach and inspire more people in cyber security.


4. Lakshmi Hanspal

Lakshmi Hanspal is the Global Chief Information Security Officer of Devices & Services at Amazon. In this role, she leads Trust, Security and Safety for Amazon Devices and Services including consumer electronics, autonomous vehicles, satellites, and more.

Prior to joining Amazon, Lakshmi was the Global Chief Security Officer at Box. Before Box, Lakshmi was the Global Chief Security Officer at SAP Ariba. Lakshmi has also held leadership roles at PayPal and Bank of America.

Her career spans 23+ years in Information Security and risk management, with 16+ years in the financial and payment space.

Impact on the cyber security industry: Advocating for greater organisational cyber security buy-in and teaching leaders how to create organisational cultures of security built upon trust.

5. Erica Geil

Erica Geil is the Chief Information Officer (CIO) for Snyk, which helps businesses use open source code and stay fully secure. As a C-suite leader, Erica drives stellar results while building trust and collaboration across global, cross-functional teams such as Corporate Information Systems and Information Security.

Erica joined Snyk after an impressive decade with Groupon, and as its Vice President of Global Engineering and Operations she established the company as one of the world’s ten largest email senders. She accomplished this by leading marketing platform operations to attain zero downtime in 2018 while also reducing total annual consumer fraud losses by more than 40% for two years.

Impact on the cyber security industry: Erica helped organisations achieve scale by building high-performance teams, delivering innovative technologies, fostering operational excellence, and guiding teams to find effective solutions through ambiguous challenges in dynamic environments.

Women in Cybersecurity Associations and Groups to Follow

While the gender divide in cyber security is clear, these women — and their contributions to the world of cyber security — are paving the way to ensure more gender inclusion in the future.

Embracing Equity for women in cyber security on International Women’s Day


International Women’s Day falls on the 8th March 2023. The International Women’s Day website states that this year’s theme is: #EmbraceEquity – “Imagine a gender equal world. A world free of bias, stereotypes, and discrimination. A world that’s diverse, equitable, and inclusive. A world where difference is valued and celebrated. Together we can forge women’s equality. Collectively we can all #EmbraceEquity.”

According to LinkedIn Insights (March 2023), women are reported to make up 17% of cyber security professionals in the UK and US.

Today, social inclusion and equality are two major issues. For example, many business sectors are still predominantly male, and the cyber security sector is no different. Despite a real interest from women in joining the industry, according to Euronews Next, the sector appears to be falling behind when it comes to recruiting and retaining women. Because of this, for International Women’s Day, here at Via Resource we wanted to draw a portrait of the women in the cyber security sector and shed light on several projects that honour women’s representation in the industry and encourage them to join the sector.

Did you know that the first modern computer, invented in 1940 by Alan Turing, was based on the work of Ada Lovelace, considered the world’s first computer programmer? What if we told you that 1940s and 1950s movie star Hedy Lamarr was also a brilliant scientist? Her work, considered a “secret communication system”, received a patent in 1942, inspiring the invention of Wi-Fi, GPS and Bluetooth. Since then, many women have conquered the tech industry and changed the face of our modern world.

The gender digital divide is present, with only 3% of females viewing a career in technology as their first-choice profession, according to PwC’s “Women in Tech: Time to close the gender gap” report. Only 27% of female students surveyed say they would consider a career in technology, compared to 61% of males. In addition to this, no more than 16% of females nationally are being recommended to consider a career in technology, as opposed to 33% of males. Women aren’t considering technology careers because they aren’t given enough information on what working in the sector involves and because no one is putting it forward as an option to them.

Women have always been a part of the workforce, but the reality is that the proportion of women to men has fallen significantly. The 1990s were a key point in explaining this decline: according to Isabelle Collet, the craze for IT and its rise made it a major stake for companies, and they started to recruit men freshly graduated from universities. In the meantime, the advent of personal computers, often exclusively marketed toward fathers and sons (such as an ad for the Apple II computer in 1985), and 1980s and 1990s pop culture, with movies like Weird Science or WarGames idolising the image of the awkward geek boy genius using tech to save the world and win the girl, probably did not help attract women toward the tech industry.

However, the technology industry now seems to be closing the gender gap. The Deloitte Global study shows that the gender gap is reducing slowly, predicting that 25% of the sector will be female by the end of 2022. In addition, the report forecasts that leading technology companies will reach an average of almost 33% women in their total workforce by year’s end, an increase of two percent from 2019.

In Forbes’ The World’s Top 50 Women in Tech list, three women stand out in cyber security: Katie Moussouris, Founder and CEO – Luta Security; Tal Rabin, Head of Research – Algorand Foundation; and Limor Shmerling Magazanik, Managing Director – Tech Policy Institute. But what is rather satisfying is that the ranking highlights companies such as Girls Who Code, founded by Reshma Saujani, which aims to empower women through technology, and GoldieBlox, founded by Debbie Sterling, which promotes engineering and construction toys for girls. Innovations like these are more than welcome at a time when the fight against the gender gap is even more prevalent.

Closing the gender gap is important in the cyber security world. But there are still many obstacles. The best way to encourage women to join the tech sector will undoubtedly be through information, career guidance and plenty of representation.

To support women looking at careers in the cyber security industry, the association WiCyS – “Women in Cybersecurity” – is considered an excellent source for guidance. The programme provides several initiatives for women to receive career training, connect with other women around the world, as well as meet and learn from mentors. The European Union has also launched its own recruitment programme, Women TechEU, described as “a new EU programme to support female-led high-tech start-ups and help them become the high-tech champions of tomorrow.”

The technology sector is booming, and women are making progress. They are leaders, mentors and supporters, breaking stereotypes along the way. Every initiative is crucial to raise awareness of the fact that women are still discriminated against today, both in terms of salaries and in terms of promotions. Even if it’s encouraging to see all the progress they have made, we are still a long way from the world imagined by IWD. But every initiative or project moves things forward, and all together we can still #EmbraceEquity.

Via Resource is very encouraged by this progress, and we embrace all the women who contributed to our company’s success!


Your complete guide to starting a new Information and Cyber Security role


Starting a new job is an exciting opportunity for you to connect with interesting people and make a great first impression. Top executives give new hires less than three months to prove their value, even with a 6-month notice period. So a successful beginning requires an open mind and a drive to show the best version of yourself. By understanding the nuances of working in a new environment, you can prepare yourself to handle the start of your new position the right way.

5 ways to prioritise learning in your new role

There’s a lot to learn about when you start a new job, including your tasks and responsibilities, your team’s dynamic, and your company’s mission. The tips below take all of that into account, helping you develop a strategic approach from the very first day.

    1. Request and use resources

There’s going to be a lot to learn at first. Besides taking notes, ask for recordings, presentations, or other forms of documentation so you can reference important information later. Bookmark any digital resources for easy access.

    2. Meet with your manager

During your first day or week, make time to meet with your manager. If they haven’t scheduled a meeting, request one. Go over their expectations for onboarding and getting situated in your cyber security role. Make sure you understand which priorities you should focus on, if any.

    3. Listen and write down questions

At first, try to absorb what you can by listening more than speaking and observing what you can. Keep a running list of your questions so when you meet with your manager or team, you can go over everything at once and get answers.

    4. Review the tools at hand

Your company will likely give you access to certain tools or software necessary to your job function. Review those programs, starting with the most important. If you don’t know how to use one, ask if the company offers any internal training sessions or identify resources to help you figure out what you need to know.

    5. Look at the organisation structure

It can help to know how things are organised at your company. Most companies keep an org chart available for internal use, though you may find similar information on a website. If not, ask your manager about the important people you need to know in your department and others.

4 ways to increase your visibility

A job isn’t just about what you do, it’s also about who you are, how you show up, and the connections you make. While it might not always seem important to network and be visible, doing both can have a positive impact.

    1. Introduce yourself to your team

Your manager or someone in HR may make introductions on your first day, either by walking you around the office or sending out an email. If not, make a point to connect with your immediate team members. Share a little bit about yourself so you can start building personal relationships with your peers. You’re there to work, but you can and should develop relationships for support and networking.

    2. Fill out any profile information to increase visibility

Whether remote or in-person, companies increasingly rely on an array of digital tools, such as Slack, to connect employees. Set aside time during your first week to fill out any profiles, add your email signature, and take other steps that will help make you more visible both internally and externally.

    3. Begin introducing yourself to other teams and employees

You should meet your immediate team members over the course of your first or second day. But, if possible, try to introduce yourself to other company employees or teams once you feel more settled in your role. If you work in an office, ask your manager about the other departments your team works with most frequently and reach out to them via email. If you work remotely, introduce yourself via email.

    4. Connect with Employee Resource Groups

Employee resource groups help connect employees interested in the same topic or who share a similar identity. If there’s a professional group available to join, try to take part where you can. Doing so can help you meet employees outside of your team, feel more connected to others, and grow in ways outside of your immediate role.


5 ways to grow into your role

Growth is an important part of your larger career journey. As you learn about your role, team, and company, the tips below can help you identify ways to develop your skills, experience, and more.

    1. Start a document that tracks your successes and impact

It’s never too early to start tracking your accomplishments. Create a document where you can make note of your successes, the growth you’ve achieved, and the impact you’ve made, all for easy reference when it comes time to submit your performance review.

    2. Create a career development plan

For your professional growth, create a career development plan to outline the short-term and long-term goals you want to achieve in your current position. Short-term goals may be things like learning new tools, while long-term goals may be to take on more responsibility in a new area.

    3. Share your ideas

It’s important to listen when you first start your role, as we mentioned above, but eventually, you will naturally have ideas to contribute to your work’s or team’s success. Don’t wait to be invited to share what you have: speak up in meetings or, if that feels uncomfortable, speak with your manager privately.

    4. Establish check-ins with your manager

You should have a regular check-in with your manager to discuss your work, your accomplishments, and any areas where you may need some extra help. These can be weekly, biweekly, or monthly, but it’s important that they be consistent so you can receive regular feedback to continue growing.

    5. Explore professional development opportunities

Your company may offer professional development opportunities. Ask your manager or an HR representative about resources, such as taking a course, attending a conference, or partnering with a mentor.

4 additional tips for starting a new job

Beyond learning, visibility, and growth, the tips below may be useful in your first month at a new job. Reflect on how you want to show up in your new role and on your new team.

    1. Ask for help and work with colleagues to learn

There’s going to be a lot to learn as you get started in your new role. Don’t be afraid to ask for help, either from a co-worker or manager. It shows that you’re proactive and communicate effectively.

    2. Refine your habits

A new job offers a chance to refine your habits by leaving behind what wasn’t working for you and establishing a modified routine that does. Spend time reflecting on your habits, such as time management, and identify ways to improve anything that will help you be more successful.

    3. Participate where you can, but don’t overcommit yourself

There may be opportunities for meetings outside of your typical work parameters, such as “Lunch & Learns” or even happy hour events. Participate where you can, but don’t feel as though you need to attend everything. Strike a balance by attending the additional meetings or events that will help you with the categories above: learning, visibility, and growth.

    4. Set boundaries

Establish your boundaries early in your role. Do you need to close your door while concentrating on an intensive task? Do you prefer to wait until the next workday to answer emails that come in overnight? Identify what you need to establish a healthy work-life balance and make it clear to your team.

 

5. Interrupt

Without body language, there’s no way of knowing whether the interviewer has finished talking. The easiest way to avoid awkward interruptions from both sides is to always leave a pause before you respond. Not only will it give you time to think of a coherent response, but it also means you don’t speak over the interviewer you’re trying to impress.

6. Don't be afraid to ask for clarification

If you miss a particular question, don’t try to second-guess what it might have been. Apologise and politely ask the interviewer if they can repeat it. They are more than happy to repeat the question.

If you make it to the second round of interviews, we have created a handy virtual and in-person checklist on the best ways to prepare for an interview and provide tips to increase your chances of getting hired.

1020 cyber security professionals’ actions and experiences when applying for a new role


At Via Resource, we strive to provide a supportive service to our candidates and clients. As the world shifts and everyone becomes more online, cyber security as a profession has grown because there is more personal and sensitive data vulnerable to an attack. The rise of cyber security has had a huge impact on businesses, as organisations across industries are searching for cyber security talent to protect their online presence, assets and customer data.

Our research focuses on the current market and candidates’ views of how the recruitment process has changed, and aims to establish what candidates find attractive in employers and job opportunities. We carried out an industry survey from 22nd November 2022 – 5th December 2022, asking 1020 candidates their thoughts when applying for a new role.

Torquil Macleod, Founder and Director of Via Resource comments:

“We are incredibly grateful to all the candidates who took the time to complete our survey as we look to understand how the market has changed. The feedback gathered will help us to improve candidate experience and help inform our clients. We want to ensure candidates receive the best experience possible with quality support, advice and guidance from Via Resource to find their perfect role.”

Audience of the survey

Out of the 1020 professionals surveyed, 171 (16.8%) respondents were from the UK and 849 (83.2%) respondents were from the US. The top three areas they work in are:

    1. Security Engineering & Architecture (35%)
    2. Governance, Risk & Compliance (27%)
    3. Network Security (21%)

The top three seniority levels within their organisations are as follows:

    1. Manager, 8 years + (32%)
    2. Senior, 5 – 8 years (25%)
    3. Associate, 2 – 4 years (18%)

Changes within the market

Cyber security jobs are in high demand, with 78% of respondents believing there will be an increase in roles. However, 88% believe there is a cyber security skills gap. A recent report, Cyber Security in Focus, features responses from cyber security directors, security operations directors and VPs of product security in EMEA and North America. In it, 87% of respondents admitted they are suffering skills shortages, with over a third (35%) claiming positions were left unfilled after a 12-week period. 60% of organisations also admitted they have been struggling to find cyber security talent, and 52% reported difficulties with retaining employees. Meanwhile, seven out of 10 leaders worldwide say hiring women and new graduates are among their top three challenges.

Three areas identified by respondents to reduce the skills gap include:

    1. Attract talent (31.7%)
    2. Train and apply employee skills (28.9%)
    3. Encourage employees’ innovative thinking and practical ability (25.3%)

How Candidates Apply for A New Role

Cyber security professionals apply for roles in a mixture of ways, with applying on a company website being the most popular channel, used by 54% of the candidates. It is unexpected for this to be the most popular when it was only 31% last year. However, the reason for this could be that those applying directly to the company may be competing against a smaller pool of applicants, which will naturally decrease the competition. It also helps deliver the applicant’s credentials to employers in their preferred format, as opposed to the one utilised by an external job site. Some organisations also provide more detailed information about job openings on their website, compared to the descriptions on job listing sites.

Using a recruitment consultancy comes second: 53% of candidates reported finding unadvertised cyber security roles where hiring organisations have chosen to be more discreet. Candidates also preferred not having to negotiate the salary package with potential employers, as this part of the process made many applicants feel uncomfortable. Other ways of applying for a new role include using their own personal networks (42%), LinkedIn (35%) and job boards (11%).

44% of candidates surveyed checked company reviews before applying for a role, in particular on Glassdoor. Cyber security professionals pay close attention to the ratings and reviews, which can significantly influence whether they choose to move forward with the application process. On average, candidates spend 21 minutes completing each application.

What Candidates Want from An Organisation

When candidates have applied for a role, on average they expect a reply either within three working days (41%) or up to a week (39%), telling them whether or not they have progressed to the next stage.

If candidates progress to the interview stages, they are happy to combine phone and online interviews, with the final stage being an in-person interview (16%). However, most candidates (41%) only want to take part in online interviews, since technology allows us to do so. After each interview stage it is important for candidates to receive detailed feedback, with 42% of candidates strongly agreeing and 42% agreeing. This is an important statistic, as employer branding and candidate experience are hugely important in today’s employment market. The ideal number of interview stages is seen to be three to four depending on the seniority of the role; this is to avoid interview fatigue for both employers and candidates.

What candidates want within the role

We asked 1020 cyber security professionals to rank the most important things they look for in a new role. The sequence is as follows:

    1. Salary/day rate
    2. Career progression
    3. Employee Benefits
    4. Workplace Culture/Environment
    5. Skills
    6. Job responsibilities
    7. Job Title
    8. Training

Salary is regarded as one of the most important factors while making a choice between roles, therefore putting salary ranges in job advertisements may give organisations a competitive advantage when trying to attract candidates. That’s because most candidates look first at a position’s compensation and benefits when scanning a job posting, then at the job’s required qualifications and skills.

Even though training ranks lowest in importance to candidates, 95% of candidates surveyed would be happy to take on additional training to learn skills (1% more than last year).

Job Benefits

When an organisation provides company benefits, it helps to recruit and retain the best employees, boost morale, improve company culture and benefit from a more productive workforce. Therefore, when candidates apply for a role, they look at the benefits package, which can be a way to differentiate one organisation from its competitors. Due to COVID-19, the working culture has changed to become more flexible, which is important to candidates (36%), as is the ability to work from home (23%). Technology is enabling businesses to continue to function, communicate effectively and maintain positive morale through video conference calls, virtual coffee catch-ups and screen-to-screen team socials.

As employees spend most of their time working, offering a health program is crucial. Health benefits can improve overall productivity at work, reduce absenteeism, improve dietary habits of employees, and promote positive behavioural patterns. This is why candidates have chosen other benefits including health insurance (45%), employee rewards platform (38%), bonus scheme (34%) and gym membership/wellness programme (29%).

Conclusion

The survey offers several new insights into the individuals working in and applying for cyber roles, the cyber security skills gaps that affect employers, and the challenges that organisations face when it comes to training and recruitment. The main lessons we draw are as follows:

    1. Skills gap – The skills gap presents significant challenges to organisations attempting to stay ahead of the cyber risk landscape. Organisations are expected to focus on hiring and retaining niche cyber talent, along with outsourcing strategies, to remain agile and optimise operational processes in 2023.
    2. Education – Schools, universities and training providers need to give a holistic skillset, covering the relevant technical skills and soft skills that employers demand, and the ability to implement those skills in a business context. Organisations also need to support existing talent through ongoing training.
    3. Support – Burnout is rampant today at many organisations. Especially when there is such a shortage of skilled people, it’s easy for anyone unhappy to leave and find a better opportunity elsewhere. However, there are also critical cyber security needs that must be met.
    4. Recruitment – Sourcing the right talent at the right time can prove arduous for any company. But the process becomes even more challenging when you work within a niche industry or sector. In these situations, a specialist recruiter can help find the perfect candidate for a hard-to-fill role.

This insight gained from information and cyber security professionals shows the new thinking when applying for a cyber security role. This in turn helps Via Resource, when speaking to organisations, to guide them on the best job packages, interviewing process and successful onboarding, so that candidates can fit perfectly into the role.

What Penetration Testers should expect in 2023


    Companies usually appoint cyber security consultancies to conduct processes like web app and network penetration tests, to give a clear idea of where some of their current threats and weaknesses lie. The current trends in penetration tests will help organisations better understand the impact of changing variables on the organisation’s cyber infrastructure, with information to help strengthen IT security and make the network more resilient to malicious activities.

    What Can We Expect in Cyber-Attacks This Year?

      1. Targeted attacks are showing no signs of declining as hackers become more sophisticated in their approaches to infiltrating networks. Due to this, there will also be a greater need to instruct both those working in cyber security and general users trying to safeguard their information from falling into the wrong hands.
      2. Expect additional attacks against mobile gadgets as more and more users expand their list of active devices, with increased usage of mobile apps on phones and tablets. Users will have extra points of entry to be concerned about and should keep their additional devices in mind when protecting against attackers.
      3. Expect an increase in successful malware deployment and ransomware attacks, as they are proving to be more and more lucrative for cyber criminals. Therefore, companies and individuals will need to be increasingly vigilant in safeguarding their crucial information and networks from such kinds of threats.

    How to transform the cyber security landscape in 2023

    Proactive cybersecurity measures such as pen testing

    Organisations are likely to increase the use of proactive measures like penetration testing and vulnerability scanning to assist in identifying their possible weak points. Firms can lose millions due to a successful security breach, resulting in senior management and leadership teams paying more attention to preventative and proactive services under the penetration testing remit.

    One of the areas organisations are increasingly investing in is the deployment of testing services, with more companies providing bespoke and advanced testing services such as red teaming and continuous security testing.

    Using mobile devices as a target

    Nearly two-thirds of people own and use smartphones, and several companies have created websites or applications that work on these gadgets. As a result, hackers and malicious actors are attempting to compromise users via their mobile devices.

    Security professionals are always looking at the tactics, techniques, and procedures of their black hat adversaries to develop their own war chest to best protect their customers and minimise their chances of being successfully attacked.

    However, increased security awareness training and more investment in device security can play a key role in ensuring an organisation and its users maximise their capacity for self-defence.

    Supply-chain disruptions

    As we’ve seen recently, attacks on supply chains are becoming increasingly popular among hackers and this looks set to continue. Hackers are aware that third-party software used by huge corporations is less secure than the large organisations themselves, and that it can be easily exploited and used to gain access to more renowned, well-equipped companies and their infrastructure.

    The rising possibility of Artificial Intelligence (AI)

    The application of Machine Learning (ML) in cybersecurity is spreading quickly and taking on a more predictive character. Cyber security is becoming both more effective and less expensive at the same time, thanks to ML and computer-assisted security solutions. ML algorithms derive patterns from enormous datasets, which lets them anticipate and react to ongoing attacks in real time. Building automated security systems, Natural Language Processing (NLP), facial identification, and autonomous threat detection have all benefited greatly from AI. AI is also used to create smart malware and attacks that get through the most recent and complex data security detection mechanisms. Threat detection systems with AI capabilities can anticipate new attacks and immediately alert administrators to data breaches.

    Cloud might be vulnerable

    Since most organisations are now cloud-based, security measures must be constantly reviewed and updated to protect against data leaks. Although cloud apps currently have robust cybersecurity measures in place, dangerous malware, phishing scams, and other problems often originate at the user end.

    The world we are living in is rapidly changing as we’re seeing an increased rate of technological change and adoption. This leaves organisations in a more vulnerable situation, with an increased chance that their data might end up in the hands of the wrong people. Organisations must take all the necessary steps to protect themselves and avoid any costly consequences in the future.

    New Year, New You: how to achieve your career goals in 2023

    The start of a new year offers the perfect opportunity to refocus your energy and set new career goals. Whether you’re looking to progress in your current role or transition into a new industry within cyber security, there are simple steps to help guide you through achieving your goals.

    1. Reflect on 2022

    Looking back over the previous year and identifying your strengths and weaknesses could help inform your career plan for the next 12 months. Similarly, highlighting significant moments of achievement and hard work can also be beneficial in defining what your long-term goals will be. It may also be worth taking an inventory of the skills you used in the past year to discover what you enjoyed, where your skillset may be lacking and what may need further attention in 2023.

    2. Research

    The more you learn, the easier it is to make decisions within cyber security, so conducting research around your career is essential. Understanding potential routes to your goals, or significant learning experiences that may elevate your career, is an important part of planning your next steps. Be clear on what you want to achieve and how you want to get there. This can range from finding a new role to progressing within the company.

    3. Create a plan

    Detailing each step of your plan is just as important as setting specific time limits for each phase. Breaking down your yearly goal into smaller milestones can help manage your progression, make your goal seem less overwhelming and set realistic timeframes for each of your objectives. Your plan may help identify resources that are missing which may open conversation as to how your current employer can help you strengthen your skillset within your role and help you achieve your aim.

    4. Using a Specialist recruiter

    Using a dedicated recruiter at Via Resource for your next career move can provide several benefits in helping you land the role you want. A recruiter can steer you in the right direction if you are unsure of where you see yourself, and open you up to new roles you may not have considered that are aligned with your skills and career goals. With connections in the top FTSE firms, they can also guide you to be more selective in the jobs or companies you apply for.

    Here you can find out the benefits of using an expert cyber security recruitment specialist.

    5. Staying focused

    Once your plan is in place, remaining productive, staying focused and disciplined in your actions are key to elevating your career in 2023. Be sure to revisit your plan from time to time to ensure you’re staying on track and to add any additional opportunities that may arise along the way.

    If you’re looking for a new job, why not get in touch or search our current vacancies.

    The Cyber Security Skills Gap In 2023

    Cyber attacks continue to pose a significant threat to governments, businesses and individuals worldwide. Cybercriminals have become increasingly sophisticated, and the threat landscape, from supply chain disruptions to ransomware attacks, more diverse. These cyber security challenges are compounded by a workforce shortage; there simply aren’t enough people with the cyber security skills needed to fill open jobs.

    The cyber security skills shortage presents significant challenges to organisations attempting to stay ahead of the cyber risk landscape. Organisations are expected to focus on hiring and retaining niche cyber talent, along with outsourcing strategies, to remain agile and optimise operational processes in 2023.

    The current skills gap is estimated at 3.4 million according to the (ISC)² Cybersecurity Workforce Study. Securing the teams necessary to tackle the growing information security threat landscape will require a creative approach. By 2025, there will be 3.5 million cyber security jobs open globally, representing a 350% increase over an eight-year period, according to Cybersecurity Ventures.

    Recruiting

    Recruiting talent within cyber security is possible, but companies must consider looking beyond degrees and technical training to secure talent in the sector. Once recruited, organisations must develop and train existing employees as an ongoing process. This will reduce staff churn and promote the learning culture essential to mitigating cyber risk.

    Utilising a specialist Cyber Security recruiter has significant benefits for clients and candidates. In our recent article we highlighted some of the reasons that you ought to use a specialist recruiter and the benefits that you will gain from having done so.

    Outsourcing will likely be more integral in organisational cyber security strategies, partnering with external companies or individuals with specific expertise that supplement existing internal capability to elevate their cyber security risk profile. This approach would also reduce pressure on internal teams during crunch periods and empower upskilling by providing time and headspace to develop new skills.

    Addressing the skills gap

    In the (ISC)² Cyber security Workforce Report, addressing the skills gap remains a top concern for C-level executives and is increasingly becoming a board-level priority. 88% of organisations with a board of directors reported that their board asks questions specifically about cyber security, while 76% have a board of directors that has recommended increases in IT and cyber security headcount.

    The research demonstrated that training and certifications are critical, with 95% of leaders believing that tech-focused certifications positively impact their role and their team. 91% of respondents expressed willingness to pay for an employee to achieve cyber certifications, while 81% of leaders prefer to hire people with certifications. A major reason certifications are highly regarded is that they validate increased cyber security knowledge and awareness.

    Women In Cyber Security

    Women represented only 25% of the global cyber security workforce in 2021, up from 20% in 2019, and around 10% in 2011. A steady increase in the number of women filling cyber security jobs is expected over the next decade, which will help shrink the skills gap even further. Deloitte Cyber recently introduced a global awareness and recruitment campaign to attract more women with diverse skill sets and backgrounds into the cyber profession.

    Cybersecurity Ventures predicts that women will represent 30% of the global cyber security workforce by 2025, and that this will reach 35% by 2031.

    If you are looking for your next cyber security employee, get help from the experts. Hiring Cyber Security professionals can help you store and protect your valuable business information and ensure it is secure and backed up in the event of a breach or cyberattack. This is where Via Resource can help to build your highly functional security team.

    Information and Cyber Security Trends 2023

    Despite security teams’ efforts, the cyber security landscape seems to get worse every year. Our experts at Via Resource share their top cyber security trends that will help security leaders to strengthen their organisation’s security posture in 2023 and beyond.

    1. Ransomware

    New research by PwC revealed that technology executives anticipate increasing ransomware attacks in the year 2023. Ransomware usually involves infecting devices with malware that locks files away behind strong encryption and threatens to destroy them unless a ransom is paid, generally in the form of untraceable cryptocurrency. Alternatively, the attackers may threaten to publish the data publicly, leaving the company liable to massive fines.

    Ransomware is typically deployed via phishing attacks, where workers of an organisation are tricked into giving up details or clicking a link that downloads the malware or ransomware onto a system. Currently, however, direct infection via USB devices by people who have physical access to devices is becoming ever more common. Education is a highly effective means of tackling this risk, with research revealing that employees who are aware of the threats of this kind of attack are nine times less likely to fall prey.

    2. Impact of remote working

    Recently, a cyber security priority for many organisations has been to secure devices that are being used for home and remote working since the start of the pandemic. Pre-pandemic, a large majority of employees were office-based, making it simple for IT departments to regularly check and update company laptops and smartphones. This made it relatively simple to ensure they were free of spyware and malware whilst running the latest versions of anti-virus software along with any other preventative measures. In 2023, employees are more likely than ever to use personal devices to remotely connect to work networks, and a new set of challenges has emerged.

    Connecting to networks with non-secured devices can lead to employees unwittingly falling victim to phishing attacks, where attackers trick users into divulging passwords. With more people working remotely, employees are increasingly likely to fall for impersonation scams. This can also enable ransomware attacks, where software injected into a network erases valuable data unless users pay a ransom to the attackers. The risk of this also increases in remote working situations, where it’s more likely that devices may be left unattended.

    3. The rise of the skills shortage

    A recent report, Cyber Security in Focus, states that 87% admitted they are suffering a skills gap, with over a third (35%) claiming positions were left unfilled after 12 weeks. 60% of organisations also admitted they have been struggling with finding cyber security talent, and 52% reported difficulties with retaining employees.

    There’s no way to bridge the cyber security skills gap overnight, but we have listed four ways organisations can start making progress today in our article: 60% Of Global Leaders Struggle To Recruit Cyber Security Talent Due To A Skills Shortage.

    As the Cyber Security market continues to grow, there remains a constant need for exceptional cyber professionals and, as such, the market has continued to have a constant flow of new positions. Utilising a specialist Cyber Security recruiter has significant benefits for clients and candidates. In our recent blog, we highlighted some of the reasons that you ought to use a specialist recruiter and the benefits that you will gain from having done so.

    4. Artificial intelligence (AI)

    As the number of attempted cyberattacks has grown rapidly, it has become increasingly tricky for human cyber security experts to react to them all and predict where the most dangerous attacks will take place next. This is where AI comes into play. Machine learning algorithms can examine the vast amount of data moving across networks in real time far more effectively than humans ever could and learn to recognise patterns that indicate a threat. According to IBM, companies that use AI and automation to detect and respond to data breaches save an average of $3 million compared to those that don’t.

    Unfortunately, due to the ever-growing availability of AI, hackers and criminals are growing increasingly proficient at using it too. AI algorithms are used to identify systems with weak security or that are likely to contain valuable data among the millions of computers and networks connected to the internet. AI can also be used to create large numbers of personalised phishing emails designed to trick receivers into divulging sensitive information, and it is becoming increasingly good at evading automated email defence systems designed to filter out this type of mail. AI has even been used to artificially “clone” the voice of senior executives and then to fraudulently authorise transactions.

    Hackers and security agents race to ensure the newest and most sophisticated algorithms are working on their side rather than for the opposition. It’s been predicted that by 2030 the market for AI cyber security products will be worth close to $139 billion.

    5. Building a security-aware culture

    Perhaps the most important step to be taken by any organisation is to ensure that they are working towards initiating and fostering a culture of awareness around cyber security issues. Currently, it’s not good enough for employers or employees to simply think of cyber security as an issue for the IT department to take care of. Developing an awareness of the threats and taking basic precautions to ensure safety should be a fundamental part of everyone’s role in 2023.

    Phishing attacks rely on “social engineering” methods to trick users into divulging valuable information or installing malware on their devices. No one needs technical skills to learn to become aware of these types of attacks and to take basic precautions to avoid falling victim. Likewise, basic security skills like the safe use of passwords and developing an understanding of two-factor authentication (2FA) should be taught across the board and continually updated. Taking basic precautions like this to foster a culture of cyber security awareness should be a core element of business strategy at organisations that want to ensure they build resilience and preparation over the coming 12 months.

    6. IoT Security

    The more devices we connect within a network, the more potential doors and windows exist that attackers can use to get in and access our data. In 2023, analysts at Gartner predict, there will be 43 billion IoT-connected devices in the world.

    IoT devices – ranging from smart wearables to home appliances, cars, building alarm systems and industrial machinery – have often proven to be a worry for those with responsibility for cyber security. This is because, as they are often not used to store sensitive data directly, manufacturers haven’t always been focused on keeping them secure with frequent security patches and updates. That has changed recently, as it’s been shown that even when they don’t store data themselves, attackers can often find ways to use them as gateways to access other networked devices that might.

    In 2023, several governmental initiatives around the world should come into effect designed to increase security around connected devices, as well as the cloud systems and networks that tie them all together. This includes a labelling system for IoT devices set to be rolled out in the US to provide consumers with information on possible security threats posed by devices they bring into their homes. Plus, the European Cyber Resilience Act introduces common cyber security rules for manufacturers, developers and distributors of products with digital elements, covering both hardware and software.

    7. Cloud service attacks

    Both remote and on-site workplaces now lean heavily on cloud services. Remote work has heightened cloud security concerns, yet the threats extend beyond the move to distributed employees. They include API vulnerabilities as well as traditional software issues. Flaws in the configuration or integration of one cloud service, including its authorisation and authentication, can bring about broader issues. For instance, cyber attackers are leveraging vulnerable PaaS (Platform as a Service) products to extend the reach of their ransomware or malware. The rewards of the cloud are sometimes enough to outweigh the threats. Using a programmatic approach, a company can reduce the threats of increasing cloud operations and build a foundation for a safe and sound future.

    The European Cyber Resilience Act

    On 15 September 2022, the European Commission published its proposal for a new Regulation that sets out cyber security related requirements for products with “digital elements”, known as the proposed Cyber Resilience Act (the CRA).

    Hardware and software products are increasingly subject to successful cyberattacks, leading to an estimated global annual cost of cybercrime of €5.5 trillion by 2021. The CRA introduces common cyber security rules for manufacturers, developers and distributors of products with digital elements, covering both hardware and software. The rules seek to ensure that: (i) connected products and software placed on the EU market are more secure; (ii) manufacturers remain responsible for cyber security throughout a product’s life cycle; and (iii) consumers are properly informed about the cyber security around the products that they buy and use.

    Such products suffer from two major problems adding costs for users and society:

      1. A low level of cyber security, reflected by widespread vulnerabilities and the insufficient and inconsistent provision of security updates to address them.
      2. Insufficient understanding of, and access to, information by users, preventing them from choosing products with adequate cyber security properties or using them securely.

    While existing internal market legislation applies to certain products with digital elements, most of the hardware and software products are currently not covered by any EU legislation tackling their cyber security. In particular, the current EU legal framework does not address the cyber security of non-embedded software, even if cyber security attacks increasingly target vulnerabilities in these products, causing significant societal and economic costs.

    Two main objectives were identified aiming to ensure the proper functioning of the internal market:

      1. Create conditions for the development of secure products with digital elements by ensuring that hardware and software products are placed on the market with fewer vulnerabilities and that manufacturers take security seriously throughout a product’s life cycle.
      2. Create conditions allowing users to take cyber security into account when selecting and using products with digital elements.

    To combat these growing cyber security costs and address vulnerabilities, the Commission notes four specific goals for the Cyber Resilience Act:

      1. To ensure manufacturers improve the cyber security of covered products throughout the whole life cycle.
      2. To create a single, coherent framework for cyber security compliance in the EU.
      3. To increase the transparency of cyber security practices and properties of products and their manufacturers.
      4. To provide consumers and businesses with secure products ready for use.

    Torquil Macleod, Director and Founder of Via Resource states, “many of the essential cyber security requirements simply mirror good practice and therefore many companies will not have significant work to do in this regard. The only two complex pieces are:

      1. Working out which type of conformity assessment products may require and producing/updating a raft of policies, procedures and other documentation required by the CRA.
      2. Reporting obligations under the CRA will add burden to companies already facing reporting requirements under data protection law, the NIS Directive and other sector-specific legislation. Reporting obligations placed on distributors and importers may also create tension in the supply chain and during contract negotiations as manufacturers will undoubtedly be nervous about distributors and importers reporting products’ potential vulnerabilities to market surveillance authorities.”

    What about the UK?

    As the UK is no longer a member of the EU, it will not be bound by the new rules.  However, the UK is in the process of passing a similar piece of legislation called the Product Security and Telecommunications Infrastructure Bill (PSTIB).  The PSTIB is currently at the report stage in the House of Lords meaning that the Bill has almost completed its legislative passage.  The PSTIB includes a power for the Secretary of State to specify security requirements relating to relevant connectable products and places obligations on manufacturers, importers and distributors about those security requirements.  Sanctions for non-compliance with the PSTIB are similarly high, up to the greater of £10 million or 4% of worldwide revenue over the most recent complete accounting period.

    The Regulation will impact a broad range of parties in the technology supply chain, who should consider how the additional cyber security requirements will impact their manufacturing and distribution processes. Whilst most of the obligations will come into effect 24 months after entry into force, manufacturers will only have twelve months to comply with the CRA’s reporting obligations.