As Cyber Security Awareness Month 2021 has now ended we got to thinking “what’s it like to be a cyber security consultant?” so wanted to share some of the experiences and thoughts of our consultants who are working with clients and businesses every day. Let’s see what we were able to eek out of them on what it’s like being at the Coal Face of Cyber Security Consultancy!
Impacting people’s perspectives
From speaking with our consultants it became clear that having an impact on the clients we work with or the delegates of training sessions is something that tends to happen a lot, and is at the heart of what we try and do in our work.
Jane, who has worked as a cyber security consultant for the last 2.5 years, comments that “During cyber security assessments we see clients at first very confident they were pretty secure, and quite a few realise as we go through and ask the questions that they are actually unsure of a lot of things, being very reliant on their IT department to have that in hand. And sometimes what they think is being done, isn’t”.
The second area where they have seen a real impact is in the training and workshops delivered to businesses. As these take people out of their day to day work and give them some space and time to think, it’s not uncommon for a little self-reflection. Elliot recalls that he will “always remember when I did my first employee awareness training session and seeing people essentially light up throughout the session once they understood how cyber security should be as familiar as physical security, such as locking your doors and windows and not giving a stranger your PIN number”.
Client feedback also shows us the impact such training and awareness can have with attendees from one bespoke training session for a Housing Association client commenting that they “feel so much more confident on what I need to look out for and that the topic is much more familiar to me now and not half as scary as I originally thought”.
We also know that our training can have a very immediate impact on attendees as our Director Darren shares that “several attendees of our Business Leaders course were checking their iPhone after discussing the dangers of password re-use and realising that their phone was warning them about lots of reused passwords”.
We work hard to make cyber security relevant and accessible and focus a lot on personal cybersecurity and the risks involved. This might be about access to your personal data, security of your personal photos and videos, understanding who elderly relatives might get targeted by online scams, or making sure you understand the importance of your kids’ safety online. This not only gives people something useful for themselves and their families, but tends to get them thinking about security more on an ongoing basis, which ultimately benefits the business commissioning the work we do.
As Cyber Security and the risks organisations face move and change so rapidly you would expect that maybe the level of understanding and awareness changes at a similar pace, unfortunately not. The top three comments that keep a cyber security consultant motivated to do what they do came out in discussion as:
- “I have Cyber Insurance, so I’m okay” – erm, not really. Being insured doesn’t prevent anything from happening, and in all honesty could well have a negative impact on the ability to recover from any attack or data breach as there may well be no Incident Management in place which will leave any organisation suffering for longer. Adding to this is the fact that policies often have minimum standards set in order for them to be valid, so if they are not in place the cover will do nothing in the face of an attack.
- “We are too small, no one would want to bother hacking us” – again, this is absolutely not the case. Any organisation that has systems or data that could be breached is at risk. The approaches to protecting the businesses will be different depending on size, but the need to protect is very much there.
- “So you work in IT? I’ll get the IT team to talk to you” – no no no, we don’t work in IT, we work in Cyber and Information Security, a topic that touches all parts of a business.
These views are commonly held and often not helped by the red tape we often see businesses battling with. Cyber-attacks can often be seen as a ‘what if’ scenario and don’t attract attention of decision makers and therefore budgets. Although it’s getting better, this is still something that a lot of businesses think won’t happen to them. Or they think their IT people will be able to sort it out if it does. It’s quite surprising sometimes how some business owners just don’t seem to think cyber security is a big deal.
The personal view
The work a cyber security consultant gets involved in is interesting and varied and every client is different given that we work across all sectors. Jane told us that “Cyber Security is an ever changing industry so the motivation for me is to keep on top of how its evolving and help individuals and companies remain as secure as they can”. Technology is generally evolving faster than we can protect it, and Jane went on to say that “If an organisation, or indeed an individual, doesn’t understand cyber security it’s very hard for them to put things in place to protect themselves, so it’s being able to help and seeing people realise it’s not as difficult or scary as they first thought”.
When Elliot signed up at his university to an introductory module to cyber security he was hooked and realised that cyber security no longer seemed like this complex technical issue, he realised that most breaches start with some form of human error, and since then he has “loved this line of work, helping people I meet understand security and how it doesn’t have to be this scary topic just about hackers and big breaches, it for me is about people”.
I asked Darren, our Director and Principal Consultant for a few words on the biggest learning he’s had in his career so far, he said; “Too many to mention. I’m constantly learning from my colleagues and peers – this is such a fast moving, ever changing landscape, you can’t ever stop and no-one knows it all”, which for sums up the attitude needed to keep going in this incredible industry.