BSI’s Tom Brett discusses the skills needed for a career in cybersecurity and information resilience.
As technology continues to progress, the demand for people with the knowledge and skills to keep businesses and individuals safe will continue to rise.
A PwC report released this week suggested that a surge in business fraud in Ireland is being fuelled by cybercrime. But according to recent research from ISC2, the cybersecurity workforce needs to grow by an estimated 145pc to close the skills gap and help to better defend organisations worldwide.
Tom Brett of BSI Consulting Services says that the role and remit of cybersecurity professionals has “evolved enormously and continues to do so”. Brett is a lead trainer and training portfolio manager with the company. He has more than 25 years of IT and cybersecurity experience, and develops global cybersecurity and information-resilience training.
According to Brett, cybersecurity roles in the future are going to become more and more hybrid. “We have become increasingly reliant on technology and as this reliance grows, the attacks and threat landscape escalate too.
“A cybersecurity role in today’s world not only includes managing data, assessing risk and developing good security hygiene and awareness throughout the organisation, but has evolved further to include regular engagement with board-level stakeholders and requires a keen knowledge of the business strategy as a whole.”
To keep up, professionals in the sector must frequently upskill, Brett explains, and this often involves hybrid skillsets across information security and data governance. But upskilling can pay off as “highly skilled professionals are in demand”, especially since the recent shift to remote working.
According to an Interpol report last month, cyberattacks have been rising at an “alarming” rate during Covid-19. It said that the increased online dependency for people around the world is creating new opportunities for cybercriminals, and many businesses and individuals are not ensuring their cyber defences are up to date.
Working in information resilience
Jobs in information resilience will continue to open up, Brett says. People working in this area are responsible for safeguarding a company’s information throughout its life cycle “from source to destruction”.
Whether the information is physical, digital data or intellectual property, Brett says that four areas need to be strategically addressed: cybersecurity, information management and privacy, security awareness and training, and compliance to requirements.
“Essentially, [working in information resilience] means being responsible for the protection of an organisation’s information in all its forms,” he explains.
“As highlighted, this covers a range of data types that may be stored on servers within a physical space, like the office, on devices, at a data centre or in the cloud, with data types that range from company files, daily emails, client information, financial details, machine data and spatiotemporal data.”
The skills you’ll need
Although cybersecurity is a fast-paced and ever-changing sector, there are certain skills that will always be necessary. Brett says that to work in this field, your skillset must be “holistic” and one that “continues to expand”.
Working as a cybersecurity or information resilience professional can be highly technical, but it is also about “more than certified skills”.
“The role is changing and professionals must also be commercially focused and aware of the full business operations and strategy, be people-orientated, client-centric and engage with all levels of the organisation,” Brett says.
‘The skillset of a cybersecurity or information resilience professional is holistic and continues to expand’
– TOM BRETT
To achieve this, developing business strategy skills is a must. “These professionals need to be pragmatic, agile, commercially viable and be able to perform risk assessments to balance the business requirements against the shifting security landscape across multiple channels, while also being aware of the compliance and regulatory requirements.”
Is information resilience the right career for you?
If you’re looking for a career that is challenging and works on real-world problems, cybersecurity and information resilience could be an option. As the security landscape evolves with “more sophisticated hackers, regulatory requirements, digitalisation, IoT and much more”, Brett believes that those with the right skills will continue to be highly sought after.
“The most mature sectors we operate in are banking, financial and professional services, insurance, healthcare, ICT, utilities and telecommunications – the latter as part of the critical national infrastructure.
“There is a level of agility needed and the experience required for a career in this sector is vast,” he says. “It is a role that works across all industry sectors, meaning those who select a career in this area can learn so much and specialise in specific sectors.”