Spell out the Character and Behaviour of a Cyber- and IT Security Officer

Offshore Financial Institutions are in the scope of the EU GDPR!
August 18, 2019
The current assessment of GDPR Compliance challenges, insights and Experiences
August 18, 2019
Offshore Financial Institutions are in the scope of the EU GDPR!
August 18, 2019
The current assessment of GDPR Compliance challenges, insights and Experiences
August 18, 2019
Cybersecurity threats continue to be on the rise, with a sudden increase of security breaches, company hacks and data leaks, they are the primary components of global cybercrime, making it be the most significant risk to global businesses. The demand for talent and skilled cybersecurity professionals is also increasing and is critical to the safety of the individuals, companies and governments, however, just like the need for qualified Compliance staff a decade ago, there is an anticipated skills shortage of more than a million workers by 2022.

Traditional recruiting practices that primarily focus on experience and education, often fail on a couple of crucial aspects because they overlook the personality and behaviour components of assessing the set of soft (culture) or hard (technical) skills. Behaviour and personality characteristics play a huge role in cybersecurity protection as the human factor accounts for between 50-90% of IT and cybersecurity issues, depending on the survey that identifies the problem.

Attack Cybersecurity issues head-on

The job of a Cyber- and IT Security Officer must not only be dominated by technology and automation skills. Due to the constant pressure from changing regulations on a global basis, there is a need to focus on several other issues that combined will create the platform to address all Cyber- and IT Security issues;

Scientific. The method that the seamless cybersecurity professional takes to solve the cyber and IT complications is by using data and analytic skills. Cybercriminals continue to get increasingly sophisticated in their attacks, and this requires highly technical individuals that value evidence-based decision making that include several discipline and cultural issues.

Engaged. In a pressured environment, when the company’s security is at stake, the IT officer needs to be detail-oriented and continues to push for the many projects that always are in the pipeline for completion. Due to the discipline and culture issues, any small oversight could lead to catastrophic cyber-attacks.

Controlled. The cyber- and IT systems that need protection are always under threat or attacks. Cybersecurity managers must expect the need for urgency; however, they must stay composed when handling cyber threats and based on scenario planning, decide the predetermined plan of action. Random outbursts under pressure are counterproductive and shift their attention away from the damage control activities and actions.

Understanding. Adequate time must be allocated to protecting and helping the staff that do not understand IT and Cybersecurity issues. The team needs to understand the importance to scrutinise every detail of IT understanding, that values the compliance achievement that can make an impact on IT security.

Resourceful. Cybersecurity professionals should want to help people at all levels of the organisation. While performing routine actions on systems and programming, people are always at the core of the success/failure of security threats. The IT staff must not isolate themselves in a cellar corner but work together with IT beginners to fight cyber threats.

Inquisitive. The world of data, IT and cybersecurity issues are ever-changing. When threats are prevented, new pressures appear that often require a diverse set of skills than in the past. A successful cybersecurity officer is inspired, analytical and inventive to figure out the technicalities speedily and reveal control actions to the stakeholders.

Trust. Maintaining suspicion on the cybersecurity environment and the constant threats is essential. Trust absolutely no one is often a motto for a cybersecurity officer, however, to think like a hacker often creates the path to get ahead of the game and prevent attacks from getting larger but nip them in the bud.

Yielding. In cybersecurity, things can go wrong quickly. The IT security officer must be resilient enough not to blame and find faults for breaches. Focus on prevention rather than detection, but everybody must be held accountable for their actions, including the ‘boss’.

Promote the advancement of the diverse and multicultural workforce

A successful cybersecurity agenda understands the actions based on past experiences and attacks. Those that tend to excel in cybersecurity in the organisation prefer to avoid the spotlight just like the cyber-criminals. Find the talents that show a motivation to learn and be open to innovative ideas from them.

In addition to the above, issues relating to diversity, minority and gender specialists will make up a massive portion of the young cybersecurity workforce. However, these groups tend to be underrepresented across as senior roles within the organisation.

Should someone accidentally open a phishing email and expose sensitive information, or install a bug, it is imperative that the cybersecurity officer both creates a feeling of cooperation and trust at the same time and takes action to achieve the common security goals by being open and responsive and avoid criticisms or being passive-aggressive.

Several studies show that organisations with racially and ethnically diverse leadership cyber and IT security teams benefit both company culture from the bottom line up and add to the overall confidence of an organisation’s cybersecurity posture.

The above issues are also dealt with in our global GDPR and GRC network meetings, seminars, workshops, and Masterclass events.

GDPR Network Danish Chapter