
Upcoming RANT Forum to focus on communication and collaboration

Last month’s RANT Forum was one of the best attended so far, and saw Sarb Sembhi, director of IncomingThought, present on EU Data Protection Regulation.

This month’s event will be held at The Counting House, London on Wednesday August 28th 2013 and is set to be just as interesting, with a new speaker and an engaging topic.

Darren Hodder, vice-president of cyber fraud intelligence at the Centre for Strategic Cyberspace & Security Science, will give a talk about just how important the crossover between information security and anti-fraud is, entitled ‘Different Disciplines, Same Goals: Where is the Communication & Collaboration?’.

Mr Hodder has attended RANT previously and was surprised to find he did not know many of the attendees personally, especially considering he is so well connected and has spoken at numerous industry events.

“Perhaps we need to get better at communication, rather ironic since our disciplines facilitate global communication on an unprecedented scale! In order to be better understood by the board we need to get back to what is at the heart of all the problems we are trying to solve and in my view it is all about people.”

He believes IT security professionals can get so caught up in the latest technical trends and challenges that they may forget there is always a human behind these threats and that technology is simply a facilitator for age-old crimes and scams.

Mr Hodder wants IT professionals to get to know one another better in order to reach their overall goals more effectively.

RANT is certainly the perfect location for this subject as the event encourages interaction and engagement by making the whole thing a little less formal.

The idea of the event is to put people at ease so that key issues can really be explored in an open forum. It gives a great opportunity for people to network and get to know each other, something Mr Hodder would like to see more of in the coming months.

There are many threats facing the IT security industry and many of these will be discussed at the next RANT Forum on August 28th.


What are the biggest challenges when sourcing information security professionals?

During each RANT forum and conference, information security professionals gather together to talk about some of the most pressing issues in the industry.

One of the topics that often gets brought up is recruitment and how organisations in both the public and private sector go about bringing in the most talented individuals.

During the latest conference, some of the industry’s top professionals gave an insight into what they thought about the process and how it has evolved over the years. We asked them what they perceived as the biggest challenges when sourcing information security professionals.

Tom Salkield, professional services director at Integralis, said: “We need to attract more people into this industry sector … there are some big problems that we actually need to solve.”

According to Mr Salkield the industry must integrate more with the education system to get people interested in IT security.

“We need to be working much more closely with schools, colleges and universities to entice the new leaders of the future to come and enjoy the big debate we’re involved in,” he added.

Many other professionals gave their opinions on the industry and their thoughts on the matter can be seen in the video below.

For example, Javvad Malik, senior analyst at 451 Enterprise, believes it’s about more than just the technical skills that are required; he thinks it’s also about personalities and “people who can fit into the mould”.

The stereotype of information security professionals all coming from hacking origins is now gone. Individuals are constantly emerging from a range of backgrounds, and this diversity can only be a good thing.

Acumin has been hosting the monthly RANT events for the last seven years and encourages everyone to get involved with the discussion and lively debate.

Each forum and conference sees hundreds of information security professionals join in and share their ideas on the future of this ever-growing industry.

Attending RANT is a great way to broaden your thoughts and expand your network and the next event will be held on August 28th in London.

Upcoming RANT Forum to focus on EU Data Protection Regulation

Next week’s RANT Forum will certainly feature one of the hottest topics in the IT security industry right now, as Sarb Sembhi, director of IncomingThought and chair of the ISACA GRA-SC3, will be presenting a talk on the EU Data Protection Regulation as well as other areas such as the state of the privacy policy in the US.

Prism has been a word on the lips of many an IT security specialist over the past month, with former National Security Agency (NSA) worker Edward Snowden revealing its methods of spying on citizens from all over the world.

Sarb is a well-renowned speaker and delivered an interesting talk at the RANT Conference earlier this year, which saw much interaction with the audience. It’s likely that this new talk will get the same reaction, with many professionals having a different point of view on the whole matter.

Since before the EU Data Protection Regulation was made available to the general public in January 2012, all the major US service providers have been lobbying the EU to water down the provisions to protect EU citizens. Their point of view is that the costs to implement the provisions will hurt the consumer in the long run.

This lobbying has been one of the most heavily funded of all time and makes you wonder, in light of the Snowden revelations, whether this might actually have been because it would make things difficult for the NSA, rather than just the providers.

Mr Sarb suggests that if the EU Data Protection Regulation is watered down, then there is no need for the service providers at all as the NSA will be able to store all the data.

This will naturally create a lively debate over the issue and people will be able to express their own opinions on what should be done, or not done, in an open and informal environment.

You can join us for the next London RANT Forum on Wednesday 31st July and as usual there will be plenty of food and networking opportunities on offer.

Those interested in attending this fantastic event should email Gemma Paterson on gpaterson@acumin.co.uk to be added to the guest list.

How easy is it for us to find your CV?

Search for advice on writing a CV and one of the first things you will read is that it should be no more than two pages long. The last thing a hiring manager wants to do is read through reams of paper detailing your every project and anything else you’ve ever done or thought about doing in your life; brevity is encouraged, and you must engage your reader to keep their attention.

Much of this advice is good. CVs should be succinct, on-topic, and objective. Follow the old mantras about CV writing down to the line though and you are left with a document that will look pretty uploaded on your favourite job boards, but will often see you overlooked for roles for which you are perfectly suitable. A CV is no longer a record of your most worthwhile achievements; it is now a digital resource, a way of indexing your experience.

Ask most jobseekers what they do with their CV once they have finished writing it, and I doubt many will tell you that they print it off, read the advertising section of the newspaper, and then start sending out copies in the post. Typically you will upload it to your favourite job board or send it across to a trusted recruiter. That’s the hard part done, you’ve ‘got yourself out there’, now it’s just a waiting game until the right role comes along, right?

Wrong. Too many candidates fail to consider how life is on the other side of the fence, how we engage with their CVs. This is particularly true when recruiting information security and risk management professionals, who can have very niche skills and responsibilities. So here it is…

Whether it be sat on Monster.co.uk or a recruitment database, it is important to consider how it is accessed. I can tell you that if I know you as an information security candidate, I might search for you by name, but otherwise your suitability for the roles I am working on depends completely on your CV’s ability to match my search. Any recruiter with a little training will understand Boolean search strings, and now in order to ensure you are considered for the most relevant jobs, candidates must too.

CV writing should now be seen as SEO. Consider the meta keywords that will bring you up in the searches for the roles you’re interested in and consider the search hits that will display your profile above your competition. It’s also important to understand the value of your skills; too often I learn about a candidate’s experience with an in-demand technology only when I have invested the time to speak to them. All recruiters know those calls when a candidate will phone in and enquire as to why they haven’t been contacted about a role for which they believe they are perfect. Considering the above, the reason for this becomes quickly apparent.

CVs aren’t telling us enough. For example, a candidate might simply mention ‘security monitoring’ in one of their roles, when actually they have good knowledge of IDS, IPS, and SIEM systems – which are highly sought at the moment as they tick a few of the required boxes for PCI compliance. Or what about the information risk hot topic of the day, application security? Expertise in this area can see some candidates command impressive increases in their salary. Whilst ‘application security expert A’ gets his pay rise, ‘expert B’ is failing to get interviews. I bet you know by now which candidate has written their CV with search terms in mind, who has discussed their experience in a way that makes it clear what they have been doing, and who details their specialisation most effectively.

Ultimately, your hiring manager or recruiter only knows what you tell them, and your CV is your primary form of communication. Your job search may end up a success but think about the exciting opportunities you might have missed out on due to an inability to consider what happens to your CV once it leaves your hard drive. Whilst a strong understanding of the market is going to help, overcoming this is relatively easy – technical skill profiles or project overviews are certainly one way to progress yourself up the search results, particularly in product heavy roles such as IT security engineering. For some, particularly technical security contractors, you might consider writing a version of your CV that is considerably longer than you would normally like, with a simple disclaimer that it is a keyword-optimised document. Another useful measure to take when uploading your CV to a job board is to utilise ‘personal summary’ or ‘about me’ sections to search optimise your profile.

It’s time to stop thinking about how your CV looks, but rather how people will find it.

– Ryan Farmer

rfarmer@acumin.co.uk