As a cyber security consultancy there have been a few conversations recently at CyberScale about the work we do not being at the “sexy end of cyber security”, so this got us thinking about what this really means for us. Although we see large scale cyber-attacks making front page news, and often alongside big brand names, is it really the case that what we do is still not hot?
Whilst we have trusted partners who do, we don’t specialise in some of the more obvious things like penetration testing, which is often seen as the really exciting and interesting part of cyber security. Maybe that’s because it’s all about those clever folks hacking systems and showing people how easy it can be to cause a huge amount of damage. We all love a drama.
We don’t sell “next generation” technology that “solves all your cyber and information security issues” (spoiler alert – it doesn’t exist!) – although secretly we are trying to invent it…what cyber security consultancy firm isn’t?!
There are lots of technology and software solutions out there that will make you feel more protected, and you will be, but these are only part of the picture, and there are still threats and cyber criminals working hard to put individuals and organisations at significant risk.
As one of our Consultants Elliot recently said to me “Just as there are organisations and vendors working to patch their systems on a constant basis, there are people out there looking for more vulnerabilities to exploit and take advantage of to make as much money as possible”.
To be really effective at security and maximise your resilience, there is a huge amount of work required that is non-technical, possibly boring and certainly not “sexy” – it’s critical though, and that’s what we do.
So what are we, as a cyber security consultancy, all about? People, Processes, Policies, Training – in addition to the technical side…getting Cyber & Information Security right for your business. To do this we use our knowledge, experience and creativity every time we engage with our clients and their business needs.
Going in to an organisation and meeting their people, seeing how they operate, what makes them tick…is actually quite exciting, for us! Whether we are doing a security assessment, reviewing policies or building an Incident Response Plan we know that we are bringing something incredibly valuable to our clients.
Our cyber security consultancy work centres on asking questions, listening and creating strategies and solutions that will sit at the centre of an organisations approach to Cyber Security and Resilience. To this end we will never launch immediately in to suggesting particular frameworks, standards or off the shelf training – we will work hard to personalise everything we do and help create more secure businesses and services.
To be able to do this work it is important to look ahead at the future of cyber security consultancy skills, and already we see significant changes in the way education and skills are growing around the Cyber Security industry. With many schools and colleges focusing on the STEM subjects there is a move to building a generation with the knowledge and skills to protect our ever more connected businesses, lives and homes.
As we come to the end of 2021 we have already seen the UK government having invested in the recently ended 4 year Cyber Discovery Program, and they will be re-launching it again soon.
So, maybe it’s not sexy, but it’s certainly important now and in the future.