65 result(s) found
Asia Pacific: Cyber Security Recruiting Trends 2021

Asia Pacific Recruiting Trends 2021 Cyber Security

The risks have never been greater, or the stakes higher We have all become accustomed to working in an uncertain landscape surrounded by political, economic, social and technological change, which creates both new challenges and opportunities. But, when it comes to ensuring that critical data remains out of the wrong hands, the risks have never been greater or the stakes higher. Cyberattacks are on the rise and becoming ever more sophisticated, while security teams are under increasing pressure to remain operationally effective in the ‘new norm’ and demonstrate value for money. Last year, the World Economic Forum’s research on Covid19 related risks, stated that after economic and geopolitical risks, the top technical risk would be cyberattacks on remote workers. As readers will no doubt know, remote working increases the risk of cyberattacks as hackers target people’s increased use and dependence on digital tools, data sharing and communication. Cybercriminals have seen these risk factors, which they have and will continue to exploit. “Hacking and phishing attacks are likely become the new norm for many companies for months and years to come…even as the virus infection rate begins to recede.” The World Economic ForumAmid the disruption caused by the pandemic, there’s certainly been no shortage of news headlines detailing examples where hackers have seized upon the opportunity to steal sensitive personal or company information from remote workers.What’s more, in recent months, cyber criminals have preyed upon people’s fears and desperation to receive a vaccination. As vaccines have been announced, the world has seen increased phishing schemes or malware disguises, designed to dupe people into parting with their sensitive personal data -opening them up to cyberattack.  The forced ‘working from home experiment’ has also meant that the use of cloud-based services looks set to remain prevalent this year. Organisations will want to securely maintain business continuity in a remote working environment and evolve their online service / product offerings to accommodate changing consumer habits.As such, the imperative to maintain privacy and data loss prevention will mean more budget diverted to security measures and this will only increase the demand for Cyber Security expertise, across the globe. A truly borderless, global talent pool emerges A positive outcome from the pandemic is that remote working has become completely normalised and the many benefits have been realised by both employees and employers alike. As a result, many employers now don’t shortlist against a specific location but will consider Cyber Security candidates from a wider pool of talent, from across a country, continent or indeed the globe. As one senior technology leader put it, “I think we've all been in recruiting situations where you find the most amazing potential hire. Then we discover they're geographically undesirable because they can't come in for whatever reason - suddenly we've opened up the entire globe for our talent so long as they have good Internet connection.” Dan Crisp, Senior Technology Leader In a world where cyberattacks are on the rise, and where Cyber Security skills are in short supply, this is indeed a welcomed consequence. A focus on Asia Pacific  Asia Pacific (APAC) is an ideal environment for cyber criminals to thrive in due to high digital connectivity, contrasted with low cybersecurity awareness, growing cross-border data transfers and weak regulations. This lack of transparency leads to an inaccurate perception that the APAC cyber threat level is lower than other regions around the world. According to management consultancy firm Oliver Wyman, “The potential of cyber threat exposure is disproportionally large compared to the amount of investment in cyber security or risk management strategies. Companies need to start treating cyber risk as an enterprise-wide risk by applying a comprehensive risk management framework and upgrading capabilities. The reality is that many APAC organisations lack the structure, processes or culture necessary for this.” Although increased remote working, the rapid transition to cloud-based services and the adoption of new digital and mobile technology has resulted in increased risk across APAC - this has not translated (yet) to sufficient investments in Cyber Security by corporations. This lack of investment is prevalent across technology, talent and process. What’s more, according to the Thales Data Threat Report 2020, 45% of all APAC corporate data is already stored in the cloud. 42% of that data is sensitive information and only 52% of that is sensitive information is actually encrypted. This suggests that there is plenty more scope, for many more businesses across the region, to transition to cloud-based services. Unfortunately, as they do, it also seems that more than half of their sensitive corporate data will be not have the necessary security defenses in place. In APAC at least, we appear to be on the cusp of what we hope will be a boom in demand for Cyber Security professionals.  A company can have the best technology, cybersecurity policies, governance structures and processes in place - but without the people, with the requisite skills to execute the job, gaping holes will continue to exist in their cyber defense. So, what are the Cyber Security skills in demand this year?    Cyber Security skills in demand The two most in demand skills are Cloud Security and Application Development Security - both involve proactively building secure systems from the start rather than responding to attacks. According to Burning Glass technologies demand for these skills over the next five years is projected to grow, 115% and 164%, respectively.  As previously noted, in a bid to grow faster and become more efficient, organisations across APAC are continuing to invest in digital transformation programmes which include the transition to cloud-based services. As such, organisations across APAC will inevitably have to start focusing more on the areas that will support their digital transformation to multi cloud adoption, including: Access Management, Data Loss Prevention, Cloud Security and Information Security. These are all areas of expertise we see employers needing and wanting more of this year. What’s more, professionals with regulatory knowledge, related to local and regional GRC policy, will command a premium.In order to better service customers, organisations are also focussed on the rapid development of application software. However, when it comes to application development and security, there is a clear clash of priorities. The notion of fast application development is completely at odds with the discipline of ensuring code is secure. On the one hand, developers want to create new apps fast and deploy them quickly. On the other, security teams can be seen to slow down innovation over concerns that attackers are looking for weak points in the code. As such, the area of DevSecOps, where security is built into the software development lifecycle, has started to evolve to ensure businesses can overcome these conflicts quickly. These experts help shift security further ‘to-the-left’ by helping design secure code to begin with, rather than focusing on post-deployment scanning and remediation. Security professionals with DevSecOps expertise are in very high demand and candidates with a software background (who might be able to rewrite their own changes or contribute to secure architecture) will be highly sought after. In addition to technical expertise, soft skills have taken a stronger focus when it comes to hiring decisions. No matter the level of seniority, the ability of a candidate to be able to communicate technical information whilst conveying the risks, in layman’s terms, should not be underestimated. Ultimately, it’s important to remember that the security skills employers need and want can change and evolve very quickly. Only a couple of years ago, the areas of Cloud Security and Application Development Security were still very much in the shadows. So, when it comes to the security expertise of the future – do you have a view of what’s around the corner?  Top Cyber Security jobs 2021 Here’s our list of the top five Security skillsets, we foresee in APAC, for 2021:  1.   Application Security Engineers / Architects (DevSecOps)  2.   Cloud Security Engineers / Architects 3.   Red Team Specialists  4.   Identity & Access Management Specialists (Including Privileged Access)  5.   Cyber Threat Intelligence & Malware Analysis  How can we help? From our established offices in Hong Kong, Singapore, US and the UK we deliver Cyber Security recruitment solutions, across APAC, North America and EMEA. We help organisations find exceptional permanent and contract security talent from across the globe. Our joined up international teams offer deep technical and local market expertise. If you are job searching in these difficult times, and potentially interviewing from home, there are lots of things we can help you with to prepare. We have plenty of career advice guides we can share with you. Everything from CV tips, to developing your personal online brand and video interviewing advice. If you would like any of our career advice guides, or want to speak with a Digital Transformation / Technology recruiting expert in Asia, please do not hesitate to get in touch. 

22 Feb 2021

Cyber Security

Asia Pacific: Cyber Security Recruiting Trends Download 2021

Asia Pacific: Cyber Recruiting Trends 2021 Download

Download your copy of our insight paper  We have all become accustomed to working in an uncertain landscape surrounded by political, economic, social and technological change, which creates both new challenges and opportunities. But, when it comes to ensuring that critical data remains out of the wrong hands, the risks have never been greater or the stakes higher. Cyberattacks are on the rise and becoming ever more sophisticated, while security teams are under increasing pressure to remain operationally effective in the ‘new norm’ and demonstrate value for money.As such, the imperative to maintain privacy and data loss prevention will mean more budget diverted to security measures and this will only increase the demand for Cyber Security expertise, across the globe. So, what roles, expertise and skills do employers need and want from cyber security professionals this year?    Download our insight paper to learn: How remote working has created a borderless, global talent poolWhy APAC is an ideal environment for cyber criminalsWhat expertise and skills employers need from cyber security professionals The top 5 cyber security jobs, in demand, for 2021  Download

Stanton House

Stanton House

22 Feb 2021

Cyber Security

Cyber Security & Data Privacy

YOU ARE FAILING AS A CISO IF YOU IGNORE DATA PRIVACY

Download your copy of our insight paperLaws and regulations governing privacy and the protection of data, particularly sensitive personal data, continue to proliferate across the globe. But why should CISOs care about data privacy and how should they manage regulatory transitions to ensure their information security program stands up to data privacy protection laws? To get ‘real’ insight into this topic, we hosted a virtual roundtable where we invited a small group of top CISOs, operating in highly regulated industry sectors in the US, to share their lived experiences. Our guest speaker Robert Ball, Chief Business Development Officer & General Counsel from Ionic, also shared insight into why the domain of the CISO has expanded in light of emerging data privacy and protection laws. Download our insight paper for the key takeaways from the event and to discover 10 technology tips for CISOs to effectively manage data privacy.  Download

Stanton House

Stanton House

29 Oct 2020

Cyber Security

How can CISOs influence budgeting decisions?

How can CISOs influence budgeting decisions?

Convincing decision makers to invest in Cyber Security  According to Senior Technology Leader, Dan Crisp, there are several strategies which can be used to get past organisational resistance and convince decision makers to investment in Information and Cyber Security. Read his guest blog below to learn more... Dan Crisp, Senior Technology Leader About Dan CrispDan Crisp is the founder of Digital risk Insight, a technology risk strategic advisory consultancy. He began his career as a technology merger & acquisitions analyst at Citi. Subsequently, he led the technology risk, cyber risk, and Basel programs for JP Morgan Chase in the US. Dan went on to serve as Chief Operations Officer for Barclays Global Information Security in London.Dan also served as the CISO and Chief Technology Risk Officer for BNY Mellon with technology risk, cybersecurity and data privacy oversight responsibility at BNY Mellon Corporation and its affiliates and subsidiaries. While there, he led the innovation, development and deployment of a global technology risk regulatory controls and analytics system for technology and privacy risk. Many decision makers overestimate their company's cybersecurity defenses – ‘no news is good news’ and they may not be enthusiastic about allocating more budget to protect themselves. One of the biggest barriers experts in my line of work find is convincing executives that doing nothing allows cybercriminals to gain advantage and potentially is putting the company at peril. I believe that there are several strategies which can be used to get past organisational resistance and convince decision makers to investment in Information and Cyber Security:   1.  Reframe success metrics - what worked before is no longer effective It is an arms race, what used to work doesn’t work six to twelve months later, you’ve constantly got to be thinking about upping your game and getting that across to non-technical people is essential. For want of a better analogy – executives need to understand that they can’t simply buy the car and then continue drive it for a decade - without servicing it - just because they don’t want to spend further money or buy a new one.Use problem statements to help push back on the status quo and facilitate conversations as to why what you’ve always done is no longer good enough. Here is an example:“Our information security management system requires reassessment and transformation to ensure continued effective protection for our clients and the company.” 2.  Benchmark with peers to challenge assumptions about the adequacy of cybersecurity investmentsFor example, when the Travelex breach occurred in London other currency exchange companies wanted to make sure it didn’t happen to them. There were questions like – what was Travelex’s Cyber Security footprint? What was their approach to risk management? How did it compare to their own company and therefore, how likely was this to happen to them? 3.  Follow the organisational expectationsUse provided expected financial templatesWork with finance in advance to ensure your budget can withstand challengeUse storytelling to illustrate the risk Although it’s important that you have done your homework, laid out a clear budget and you speak the language of finance – you want your conversations to be risk based-  not dollars and cents based. 4.  Refine your presentation approachKeep the focus on the risk to the organisation (operational, reputational, regulatory, litigation, etc.)Present in non-technical languageUse storytelling to illustrate the riskCreate a sense of urgency. Inaction is dangerous.Leave a strong document trail leading to the person(s) who grant budgetAlways provide a follow-up email regardless of the meeting outcomeYou want to leave a strong document trail, and I call that the smoking gun, where it’s been explained in layperson’s terms and is abundantly clear to the budget granter – this is what’s at stake... 5.  Use the three-slide technique Problem statementRisk storytelling Solution with costingThe discovery of the three-slide technique is a defining moment in my career. When I was working for a bank, we had a Big 4 consultancy firm provided us with a 40-slide presentation deck, which we spent quite a bit of money on. We were to use these slides to present our justifications to the board for asking for exponentially more money. The CISO I worked with at the time said she didn’t want to use them. She only wanted three slides. One explaining what the problem was. The second was to be the scary slide – explaining what would happen if they didn’t address the problem. The third was the solution and cost. It was so powerful and effective that we got the funding we asked for. I have gone back and used this technique,  incrementally, for projects and programme fund raising with great success. 6.  Use narratives to illustrate the risk of inactionI have found the use of narratives incredibly powerful. We used to call those the scary slides i.e. here’s an example of something that has happened recently and here’s why it might happen to you.News headlines cause decision makers to take action — even if it's short lived Storytelling activates sensory centers in the brain that make people relate to the story on a personal level — it places them inside of the storyStorytelling is extremely powerful when it comes to marketing and other forms of communicationUse storytelling to demonstrate the risk, create a sense of urgency and leave them with the impression that you have laid this at their feet, with all of the risks and consequences outlined and now the decision is in their hands.You almost want to worm into a person’s thinking so that they wake up in the middle of the night thinking about what you’ve laid at their feet. You want them thinking - what if we have a cyber-attack and I’m the budget granter who said no? That said, it’s important to use storytelling to convey the drama for you- you want to portray yourself as the calm and collected person who has the plan.A helpful the trick for me with the storytelling is to make them as scared as you are and no more. If you’re stretching your own fear, it's going to be transparent. Remember...you are competing for finite resources and budget. The best storytelling wins the day and the funding! Download our insight paper For more insights from top CISOs download our recent insight paper. It features the key takeaways from our recent CISO virtual roundtable where the challenges of setting best practice for secure remote working and obtaining budget were discussed. Download Speak to a Cyber Security recruiting expert If you need help finding and hiring exceptional Cyber Security professionals or you are searching for your next opportunity, please get in touch to speak with a Cyber Security recruiting expert at Stanton House.  

Guest Blog

Guest Blog

20 Oct 2020

Cyber Security

Technical skills and talent in demand

DIGITAL TRANSFORMATION: TECHNICAL SKILLS & TALENT IN DEMAND

In my last blog, I wrote about the necessary workforce competencies and the type of cultural mindset that is needed to make digital transformation a success in this new era. But what are the technical skills and areas of expertise that support digital transformation? Here are five areas where talent is in high demand right now:Talent in demand1. Strategy & TransformationIncreasingly organisations are looking to the future, modelling different crisis scenarios, investing in new technology and exploring new customer engagement models or partnerships. The question of who is thinking strategically, beyond the business proposition as it stands today and shaping how it may look in 3, 5- or 10-years’ time is paramount to an organisation’s survival and future growth. Many organisations are facing wholesale changes to their operating model which is a highly complex and often daunting piece of work. As such, there has been a proliferation of new roles in the areas of strategy, innovation and change management. ‘Directors of Strategy’, ‘Project or Programme Directors’ and ‘Change Managers’ have become common place across many different types and size of organisation. However, the unprecedented speed with which organisations have had to react to the Covid-19 pandemic, and its ensuing challenges, has triggered an acceleration of digital transformation projects and compounded the need for senior professionals who can facilitate transformative change, alongside the complexities of a remote working environment. 2. Cloud-based servicesUnsurprisingly, as we have transitioned to remote working, skills in cloud-based services such as AWS, Google Cloud and Azure, have and will continue to be of critical importance. The shift to cloud based technology will no doubt remain prevalent even when we all get back to the office without restrictions. Professionals that have the skills to deploy cloud-based services as needed will be required to ensure continuous and reliable connectivity to these systems to ensure business continuity and productivity. 3. Cyber securityRemote working increases the risk of cyberattacks as hackers target people’s increased use of and dependence on digital tools, data sharing and communication. As such, organisations must enable secure remote working using a virtual private network (VPN) to create an encrypted connection from the user's computer to their company IT system. However, even businesses with a quality VPN may need to improve the server capacity and network security to enable their entire workforce to use it at once and work remotely, securely. This means that top cyber security talent, already in high demand, will remain indispensable for employers as agile working practices continue for the foreseeable future. 4. Data analytics As organisations race to adapt to different ways of working and evolve best practice across their systems, people and processes, Data Scientists and Analysts continue to be in high demand. Modelling the impact of the Covid-19 crisis and understanding evolving customer behaviour is vital to the strategic decision-making process of any organisation right now. Data analysts who can provide the accurate analysis and interpretation of data, to the right people at the right time, will provide much needed foresight in these unprecedented times.  5. Automation & AITo help reduce administrative tasks and enhance process efficiencies, within and between different systems and departments, most organisations have invested in automation technology and artificial intelligence (AI) to some degree. The specific artificial intelligence or automation technology, its application and tools available (such as Robotics Process Automation, Chatbots or CRM) varies across industry and profession. Professionals who have demonstrable experience of either developing, implementing or integrating this technology within and between business functions and adapting it to the new virtual world of work, will be highly prized.  As well as investing in technology and talent, organisations must look at their people from top to bottom and involve individuals who can provide ideas, or champion and lead transformative change. Those that believe it will all be driven from the boardroom and do not engage a diverse group in tackling change may well struggle. Understanding individual challenges in remote project delivery requires diverse perspectives and agile leadership that utilises the capabilities of individuals from every corner of the business. In an increasingly geographically agnostic business world, leaders have to understand how they can embrace technology, help their people to bring about better customer experiences and deliver lasting change that enables them to remain relevant. After all, how can you compete if you don’t evolve your operating model in today’s rapidly changing world?Those that can win both the hearts and minds of their workforce will successfully deliver the most complex of technical change with the highest levels of engagement. It’s strange how even the most baffling of technical puzzles always falls back to people!   Download our insight paperFor more on this topic, download a full version of our insight paper 'Digital Transformation: What does it take to succeed?,' where we explore what constitutes the right mindset needed for change and share the technical skills and talent in demand right now. Download Share your insights If you need help finding talent with the necessary competencies to transform your business please get in touch. We’d also love to hear from leaders on how you are progressing your digital transformation projects in these challenging times.

David Fleming

David Fleming

18 Sep 2020

Change & Transformation

Cyber Security Insight Paper

CISOs NOW IS THE TIME TO SECURE INVESTMENT

Business leaders are discussing what increased remote working and reduced real estate costs mean for investment and budgets for their different business functions going forward – including of course - Information and Cyber Security. So, now more than ever CISOs need to ensure that they have a voice in these discussions and a seat at the board table.  Download our insight paper Our recent insight paper features the key takeaways from our recent CISO virtual roundtable where the challenges of setting best practice for secure remote working and obtaining budget were discussed. Our guest speaker and Senior Technology Leader, Dan Crisp also shares the techniques he has found most valuable in convincing key stakeholders to invest in Information and Cyber Security.  Download

Stanton House

Stanton House

26 Aug 2020

Cyber Security

cyber-expertise

Why Covid-19 will only increase demand for Cyber Security expertise

The inevitable increase in demand for Cyber Security talentWhat a crazy time we’re all living through! I hope anyone reading this is safe and coping okay with this new way of existing that we’re all adapting to.In my job I have the privilege of being able to speak to an array of talented and insightful Cyber Security leaders across a variety of different industries every day. With everyone working from home, my phone hasn’t stopped ringing in the past few weeks with people looking to have a catch up.Clearly this is an unprecedented and difficult time for everyone, but being the optimist that I am, I’d like to take a look at one of the positives I think will come out of this situation and that is the inevitable increase in demand for Cyber Security talent. Remote working leaves us open to increased risk of cyberattacksThe COVID-19 pandemic increases the risk of cyberattacks as hackers target people’s increased use and dependence on digital tools, data sharing and communication. Just yesterday I read that the usage of Zoom in the past month has gone up by 535%, so sure enough there has since been an increase of over 2,000% when it comes to malicious files with Zoom in the name.It’s fair to say that most business leaders (myself included) have had their eyes opened to the benefits of remote working over the past few weeks and I don’t think any of us can see the working world going back to how it was before this all happened. As we know, remote working, in general, leaves us more vulnerable to successful cyberattacks with potentially devastating repercussions if we’re not careful. Individuals new to working from home present a target for hackers, who will no doubt seize any opportunity to steal sensitive personal or company information to create disruption or commit online fraud.I recently read, for example, a cyberattack targeted people looking for visuals of the spread of COVID-19. Viewers of a map showing Coronavirus statistics were asked to download a malicious application that compromised their computer and allowed hackers access to that individuals personal information.Organisations must enable secure remote workingTo keep information secure, most companies will use a virtual private network (VPN) to create an encrypted connection from the user's computer to their company IT system.However, even businesses with a quality VPN may need to buy more user licences or improve the server capacity and network security to enable their entire workforce to use it at once and work remotely, securely. We are already seeing organizations increasingly stress-testing their servers to ensure they will cope with everyone working from home; checking that their networks remain secure and both company and customer data is protected.Far too many remote workers, however, don’t have two-factor authentication (2FA) turned on in their email and apps. As any Cyber Security professional will tell you, 2FA is one of the easiest and most effective ways for users to protect their data and identities.In my experience, particularly with small or mid-sized organizations, the reason many companies lack these basic security measures is not because they are lazy,  but because they don’t have the education or expertise in Cyber Security in their business. What does this mean for Cyber Security talent demand? A lot of businesses are looking at their security budgets right now and are weighing up the risks of trimming them down. As such, over the last few weeks we have seen a drop in demand for talent across almost all industries. It will be interesting to see what happens to the businesses that do cut down their security budgets vs those that don’t over the coming months. Sadly, as we know, it often takes a breach for an organization to invest properly in their security. The positive news is that I do believe that this recent drop in talent demand is likely to be short-lived. The conversations I’ve had with CISOs, CIOs and CEOs over the last month fill me with confidence that in the coming months and years there will be even more demand for Cyber Security expertise. Organizations need to adapt to new ways of working, which are very reliant on technology and the inevitable continuation in increased levels of cyberattacks and probable breaches, will only amplify the need for more Cyber Security talent still further.If you are currently looking for a role in Cyber Security right now, my advice is stay patient, continue building your network and have faith that it won’t be long before we see things start to pick back up. The high demand for hiring Cyber Security talent is not going anywhere!Please get in touch if you need help hiring within Cyber Security. Equally if you are a permanent or contract Cyber Security professional, we are here to support your job search in these troubled times. 

Henry Yeomans

Henry Yeomans

20 Apr 2020

Cyber Security

What will the Cyber Security landscape look like in 2020?

The team recently attended the Future of Cyber Security Europe and were wowed by some of the incredible talks, demonstrations and conversations had on the day. Looking back through some of their material, I was particularly fascinated by the predictions laid out for the year ahead which included the likes of Fake News, Cyber Hygiene’s and Global Warming. It was a talk by Richard Parlour that stood out for me, currently the Chairman of the EU Task Force on Cyber Security Policy for the Financial Sector he had some really interesting ideas of what the next year might have in store for the industry – and some were quite surprising.  His Cyber Security Global Predictions for 2020 included; 1. Global Warming, Cyber Cold War Cooling2. Internet’s move apart3. Local social media shutdowns 4. Fake News 2.0 5. CNI, Cyber Attacks Grow6. High-profile companies at greater risk7. Lobbying to change GDPR8. Cyber hygiene 9. Battle over liability 10. More local laws Richard’s 2020 Technology Predictions also including targeted ransomware, multichannel phishing, mobile malware attacks – specifically on banks, cyber insurance on the up, more internet of things with an increase in risk, 5G skyrockets data volumes, speed trumps security for DevOps and we might just see a rethink of the Cloud. I was really surprised to see the likes of #WagathaChristie (also known as Coleen Rooney) and Fake News discussed at the conference as predictions for 2020 as the two terms coined by the mainstream media aren’t often associated with Cyber Security but the link was fascinating. Essentially, what started as a slogan for the US presidency has now been seen in elections across the world including India and most recently, the UK and we can easily apply the same rule to a rise in phishing scams. My predictions for 2020 aren’t too dissimilar to Richard’s, rather, I am less concerned with the social media shutdowns we have seen in Africa and parts of Asia and really focused on individual companies and their pain points – Cyber hygiene playing a massive role in this alongside an education around the Insider Threat.  I am really keen to work with companies in 2020 to bring their Cyber Security up to date and this isn’t going to happen through a change to GDPR policy but rather, a compliance to current regulations – focusing on data quality, education and consultative advice to bring an awareness to professionals who sit outside of the sector.  I think in 2020 we’ll be seeing more simulated breaches, gamified hacking scenarios and augmented reality demonstrations to show organisations what could happen if a breach was to occur. I think we will definitely see an increased awareness as a result of password clean ups and a resentment towards ‘Fake News’ but, I think we’ll see Technology and Cyber Security collide even more to bring the landscape to life.  What do you think we'll see in 2020?

Richard Williamson

Richard Williamson

23 Dec 2019

Cyber Security

Is it time to talk about Quittin’ Quentin, Disgruntled Dave, Sandra the Spy and Careless Caroline?

We recently attended The Future of Cyber Security Europe 2019 and was amazed at the emphasis of the Insider Threat with speakers like Richard Parlour, Mark Howell and Daniel Selman all identifying it as a key issue and with the non-malicious Insider Threat accounting for 50% of all data breaches in business, it's not hard to see why. I am a huge advocate for educating a non-Cyber Security audience about the dangers of an uneducated workforce and recently contributed to our Evolution of Cyber white paper where we emphasised the need for HR and Cyber Security teams to work together to reverse this. I wanted to share with you something I heard at the Expo which brought this common dilemma to life. A talk by Fortinet and Nouveau really stood out for me as a fantastic way of not just identifying the issue but breaking it down for a non-technical audience. Jonny Tennyson, Security Fabric Specialist at Fortinet spoke about Quittin’ Quentin, Disgruntled Dave, Sandra the Spy and Careless Caroline as a way of personalising the real issues we face when dealing with an Insider Threat. While getting quite a few laughs from the audience, I couldn’t help but wonder if this was the perfect way to educate HR departments outside of the sector. Quittin’ Quentin is a person who feels as though he can’t progress in his company and decides it’s time to move on. When leaving, he wonders what the best way to deliver value to his new company would be and looks over his options – he could take his experience, research and perspective or, he could take clients, contacts or even IP addresses from his current company to a detrimental effect. It is really important that anyone who is leaving a business; who has access to customer data, is monitored to ensure a malicious breach doesn’t occur. Using an example of a person in this instance, makes it a plausible reality for non-Cyber professionals and the same can be said with Disgruntled Dave who has been offered the world.  Brought in on a series of false promises, he now has access to the IP address alongside anything he would need to cause an issue with, including the source code. Unlike Quentin, he isn’t known to be disgruntled just yet which makes him even more dangerous. And even more dangerous is Sandra the Spy. A senior individual who is likely to be poached by another organisation with an offer she can’t refuse. Also disgruntled, she can become entrenched in corporate espionage and leak information from one company to another. While these characters form the 50% Insider Threat that is malicious. Careless Caroline is the employee that HR departments need to be really aware of. Meaning no harm but with a great responsibility, has access to a lot of information across the business. She’s ignorant, under pressure, poorly trained and becomes the victim of phishing or social engineering. While Caroline is trying her best to get the job done, she isn’t aware of the detrimental affect her curious mind could cause by clicking on a peculiar link – why would she, she has never been told not to. Insider threat is on the rise and 63% of companies declare they are concerned about this with 57% claiming they are concerned about inadvertent data breaches. 53% worry about malicious breaches. With more organisations fearing accidental breaches, a workforce made of disgruntled and poorly trained employees should be our first step-change and HR have a huge role to play in this. I would love to hear your thoughts on Quentin, Dave, Sandra and Caroline and more importantly, what you think needs to be done to reduce the Insider Threat.

Kieron Morgan

Kieron Morgan

02 Dec 2019

Cyber Security

YOUR NEW CHALLENGE BEGINS HERE - 17TH OCTOBER

SCC Transformation Lead Up to £600 a day Reading Learning and Development Manager £45,000 - £50,000 per annum + bonus + benefits West Sussex Process Analyst - Telecoms Estates Transformation £400 - £475 per day Hampshire P2P Process SME £500 - £600 per day London Security Software Engineer US $90,000 - $110,000 per annum Chicago Senior Project Manager £65,000 - £70,000 per annum + bonus West London Head of Pricing & Commercial Finance £100,000 - £105,000 per annum + car allowance + bonus London A wider selection of current vacancies can be viewed on our opportunities page or get in touch for a confidential discussion about how Stanton House can help you hire great people or assist with your own career goals.

Stanton House

Stanton House

17 Oct 2019

Stanton House News

Stanton House is APSCo's Recruitment Company of the Year 2019

Stanton House has officially been crowned Recruitment Company of the year and what a phenomenal year it has been. In an awards ceremony held in London last night, CEO Neil Wilson and Finance Director Jo Finch received the prestigious prize as it was announced that Stanton House was the 2019 APSCo Recruitment Company of the Year - in the £10m to £50m Turnover category. As the pair collected the award, it was noted that Stanton House has dedicated its nine years in business to creating exceptional customer experiences and transforming the reputation of the recruitment industry. Founder and Global CEO of APSCo, Ann Swain, said: “This company clearly demonstrated its belief to improving customer experience is the key to improving the reputation of the recruitment sector. The judges felt this succinctly summarised the key to excellent recruitment.” The Recruitment Company of the Year title must be awarded to an organisation operating in either Permanent or Interim markets that has most consistently demonstrated the professional values and exceptional performance associated with APSCo membership throughout the past 12 months and it is a phenomenal achievement to be recognised as one of just four companies titled in 2019. Neil said; "We are delighted to be recognised by APSCo as the Recruitment Company of the Year. It is particularly gratifying because the judges emphasised that they were struck by our commitment to delivering exceptional customer experiences. From day one at Stanton House we set out to make that the cornerstone of how we do business. That has been acknowledged consistently by our clients and candidates so it is very rewarding to have it further validated by the recruitment sector experts at APSCo." Stanton House was founded in 2010 to transform the reputation of the recruitment industry by placing the customer at the forefront of everything we do. In our 10th year of business, we are truly honoured and filled with pride that this has been recognised by such a prestigious and renowned organisation.

Stanton House

Stanton House

09 Oct 2019

Life at Stanton House

YOUR NEW CHALLENGE BEGINS HERE - 2ND OCTOBER

Browse a selection of this week's top jobs across Accounting and Finance, Technology, Cyber Security, Human Resources, Change Management and Finance Transformation: Finance Business Partner £65,000 - £70,000 per annum + package Reading IT Governance Reporting Analyst £450 - £550 per day London Azure Security Architect Negotiable Luxembourg  Finance Analytics Manager £70,000 - £75,000 per annum + benefits package Surrey Project Manager - Sales Data £450 - £510 per day London Senior PHP Engineer £45,000 - £55,000 per annum Edinburgh Finance Manager - Germany £350 - £450 per day Hampshire HR Business Partner £50,000 - £55,000 per annum + car allowance and benefits package London A wider selection of current vacancies can be viewed on our opportunities page or get in touch for a confidential discussion about how Stanton House can help you hire great people or assist with your own career goals.

Stanton House

Stanton House

02 Oct 2019

Life at Stanton House

65 result(s) found
65 result(s) found