The move is in direct response to a huge demand for a place on the scheme, which connects schools, colleges and employers in preparing students aged 16-19 for work. It will likely increase competition in the industry, so anyone seeking cyber security jobs and other positions in the sector need to be firmly on top of their game.

E-mentoring enables those working in the I.T. sector – as engineers, managers, administrators and programmers – to offer their knowledge and experience to students in their chosen industry. Recent research reveals that personal benefits are also to be had from being professionally involved with young people – 75 per cent of those who responded said that professional staff development is a major benefit from working with young people.

Mentors will be trained and matched with suitable students, ensuring that both young people and the professionals taking part get out of it as much as they can.

The charity’s executive director, Anne Spackman, explained:

“Career Academies UK knows from its own experience that the best way to help young people get jobs is by connecting them to the world of work, and we have a ten year track record of doing just that.”

She continued to say that e-mentors will have an important role to play in the progression of a young person from study to employment through offering motivation, guidance and assisting them in the completion of tasks.

The results reveal that a lack of mobile compatibility may convey a poor image for a brand, since 19% of those seeking jobs confirmed viewing a business negatively if they can’t apply for a vacancy on a mobile device. A number of job seekers may be missing out on prospective jobs because of a poor mobile experience.

Monster.co.uk’s marketing director, Sinead Bunting, said:

“Employers need to ensure their approach to recruitment matches their consumer marketing. This means making the application process and jobs information available across a range of devices – including mobiles, smartphones, desktops and tablets – otherwise they’ll find a new generation of job applicants will slip through the recruitment net.”

One area in which employers are becoming increasingly savvy, however, is social media. Three quarters of employers (76%) who took part in the survey said that they talk with job candidates through such platforms as Facebook and Twitter. More than one in ten job seekers in the survey (15%) said they view an employer positively if they are able to speak with staff through social media.

The MoD will look to hire reservists to act as technology experts, working with regular forces to create the Joint Cyber Reserve Unit. There will be hundreds of vacancies available, so those seeking cyber security jobs would be well advised to keep their eyes on developments.

Recruitment will commence in November.

The cyber unit will be prepared to launch strikes should it be deemed necessary.

The team’s role is to provide protection for computer networks as well as safeguard crucial information.

Hammond said that he believed the threat to be genuine when he spoke at the Conservative conference. He explained:

“Last year, our cyber defences blocked around 400,000 advanced, malicious cyber threats to the government secure intranet alone.”

The MoD said:

“[The creation of the] Joint Cyber Unit (Reserve) will allow it to draw on individuals’ talent, skills and expertise gained from their civilian experience to meet these threats.”

The MoD announced that the recruitment drive will look to regular personnel ending their time in the forces, civilians possessing the necessary technological knowledge and both ex and current reservists with the right abilities.

Cybercrime and attacks are more common than they once were.

British Intelligence spoke to the BBC in July, when it reported seeing around 70 high-level cyber espionage attacks per month against either industry or government networks.

The upsides include the creation of an attractive, smooth-running workplace in which everyone knows where they stand, as well as a structured, well-documented approach to corporate governance, which has been signed off at the highest levels. A potential “downside” of compliance, as some executives might see it, is the hard slog and the sheer amount of paperwork involved in developing structured policies into which everyone can buy.

To this end, the boards of corporations tend to prefer dishing out this job to someone who can pull together all the paperwork and create a coherent, logical framework: one that embraces compliance and regulation as two sides of the same coin.

This is where governance and compliance experts come in. These are seasoned professionals and are steeped in various standards and regulations of which companies need to be aware, and to which they need to comply.

More often than not, their jobs are wrapped in a three-part package known as GRC, or Governance, Risk and Compliance.

Governance

In terms of governance, a GRC officer might well use the UK Corporate Governance Code as a starting point, which the Financial Reporting Council (FRC) says:

“…sets out standards of good practice in relation to board leadership and effectiveness, remuneration, accountability and relations with shareholders”.

The FRC, which oversees and regularly updates the Code, continues:

“Regulation should begin with strong corporate governance. It is the role of shareholders and boards to scrutinise and ensure that their companies are being led in the right direction over the long term”.

Apart from sound financial governance, which needs to be at the heart of every company worth its salt, it’s worth bearing in mind that governance should go beyond pure money management. It also needs to reference a company’s culture, as it impinges on both employees and those who have dealings with it. An effective GRC manager will be on top of “governance” in both the financial and broader constitutional sense.

Risk Management

When it comes to risk management, a GRC manager will be addressing a company or organisation’s exposure to risk in multiple (often related) areas: IT security, financial, legal, and health and safety. In a hospital, for instance, there are many areas of potential risk prompted by “what happens if?” type questions. If the hospital experiences a power-cut, then an appropriate generator facilitator needs to be available, as well as a plan for switching to it.

Compliance

The compliance component of a GRC role oversees all areas of business compliance, especially financial and legal. Compliance to laws and regulations often needs to be on two levels, both national and international. In this context, the ISO (International Standards Organisation) produces an array of policies and guidelines to which companies around the world aspire to follow. ISO 27001, for example, covers the whole area of information security.

This is just one of many international standards that a GRC manager would be flagging up as requiring documented compliance.

Those looking to enter business continuity jobs and other positions in their respective industries should find that they perform more efficiently than their predecessors, should the workshops be introduced by their future employers.

One attendee said:

“This is the best training course I’ve ever attended. The changes I’ve made since the workshop have helped me restructure my working month and create a more efficient routine for how I manage my time. This has in turn made the work schedule of my entire team more efficient.”

Stress combat specialists Managing Pressure and wellness firm The Tonic host the workshops. They emphasise certain topics, including the creation of optimally performing teams and strong management energy levels, with a particular focus on changes that are able to be introduced immediately.

Cathy Connolly, responsible for commissioning the workshops, said that the company is a busy one and like any other business, has to contend with challenges and pressures. Giving employees additional hours to pause and reflect has reportedly proved to be invaluable.

Jeff Archer, the director of Tonic, said that the workshops offer employees a chance to breathe in the presence of pressure and implement actions and strategies that can positively affect both the short-term and long-term. Managing Pressure’s Bruce Hoverd added that the workshops help staff to re-evaluate strategies.

A risk manager will identify weaknesses in an IT infrastructure, and make sure that any gaps are spotted, and that same manager will also have a Plan B at the ready for being able to keep operations running smoothly should “the worst” happen in the form of the corporate computer system being breached. A more general risk manager will be hyper-aware of a wider range of risks, be they financial or physical (pertaining to climate, crime, or terrorism).

Under this broad umbrella of super-readiness, today’s risk managers have four key tasks commonly pinned to their job descriptions.

Auditing awesomeness

The first such task is auditing. A risk manager cannot really do anything constructive without knowing the lie of the land for which they’ve been given assigned a good deal of responsibility. Consequently, an audit needs to be conducted of the relevant systems under the manager’s brief. In IT Risk management, this will mean taking a close look at the IT infrastructure; in particular the network holding the business together. The age and reliability of equipment will be noted, and records will be taken of any previous security breaches. When it comes to more general risk management, a health and safety audit of a building might be appropriate: In a factory, equipment might be checked, for instance, or in an office block, buildings could be inspected for asbestos.

Expert analysis

The next stage is one of analysis and, where necessary, interpretation. An effective risk manager will pore over the data produced by their audit, in an effort to extract impartially both strong and weak points. Problem areas (a leaking water pipe in the server room, for instance), faultlines (an IT system administrator with an irregular attendance record, bordering on the unreliable), weaknesses and any accidents waiting to happen will be noted and prioritised for attention.

The two Rs

The third task is that of reporting and recommendation. The risk manager will report their findings to relevant executives along with costed and prioritised recommendations for changes. The report will need to be written in a language everyone in the company can understand, from the CEO down.

Putting things into effect

The fourth and final key task will be the implementation of any recommendations, including the following:

– Writing new or revised procedures for staff to follow

– Authoring processes and workflows to plug loopholes in systems.

– Disaster planning and/or conducting simulations of emergencies (sometimes specific disaster planning experts are brought in for this work)

Finally, once all this work has been completed, it starts all over again from step one. Risk management is cyclical in nature; tasks and issues have to be revisited in order to ensure that a corporation stays up to date and on track, and perpetually in that desirable state of readiness.

It is worth bearing in mind that the short-term financial impact on companies of a serious cyber-attack is only one part of the equation. There is also the impact on reputation. If a company gets known for being vulnerable when it comes to, say, protecting confidential customer data, then this could have dire long-term consequences.

This global impact, both in terms of cost and public relations, is certainly enough to make many owners of businesses, large and small, take stock and consider the best ways to plug the gaps. One of the most effective defences against cybercrime is to prevent it happening in the first place. This does, however, require some shrewd investment by CEOs and SEOs in various components of cyber security. Those in charge of the money need to do a cost/benefit analysis during which they weigh up any expenditure on information security against the financial and reputational costs of a major breach.

Putting people first

When it comes to divvying up an IT security budget, it might be best to start with people. When the chips are down, it is skilled, knowledgeable, expert human beings who can provide the best defences against security breaches. While an experienced Chief Information Security Officer (CISO) may cost in the region of £70,000 pounds per year in wages, that person could save a company many times that amount of money in lost income in the event of a security disaster. The CISO may well need a team of technical experts in roles lower down the company hierarchy, but, there again, having a network security manager in place who can configure, and update as required, the company’s firewall will be well worth that person’s salary. The right IT security team will also ensure international standards in information security are met on a continuing basis. This, in turn, will maintain shareholder and investor confidence.

Getting systems in order

Meanwhile, any sound IT security infrastructure needs the most up-to-date, responsive, secure and powerful hardware in place to cope with such issues as denial of service attacks. Skimping on hardware is no way to maintain a secure working environment.

Training is a top priority

Finally, a wise CEO will consider apportioning some cyber security spend to security training: Training not just for the security managers in-house, but also for non-technical employees. Communicating good security practice to all relevant staff should be one of the key planks of any IT security strategy.

There’s a different class of IT security job, however, which demands expertise in a range of fields, all of which will have a bearing on a company’s information security policy. These more general jobs tend to be more senior, sometimes carrying titles such as ‘Information Security Manager’ or CISO (Chief Information Security Officer). They are also sometimes known as CISSP (Certified Information Systems Security Professional) jobs. These positions are often perceived as the “crème de la crème” in the IT security industry, commanding an average salary of around 50K and sometimes considerably higher. They are widely sought after, and often considered as roles to be aspired to at the pinnacle of an IT security career.

Here, then, are some of the qualifications likely to make someone a suitable candidate for a CISSP job.

Certify yourself

First, and perhaps most obviously, there’s the professional certification lending itself to the phrase ‘CISSP job’. A CISSP certificate is a de facto requirement for a CISSP job, and is one of the most challenging of the IT professional qualifications to obtain, demanding considerable amounts of time, energy and even resources. To begin with, there’s an entry qualification of at least five years’ professional experience in information security (in certain cases, this can be mitigated by equivalent experience in academic study). A CISSP candidate also needs to be endorsed by a fellow CISSP professional who is in “good standing” with (ISC)² (International Information Systems Security Certification Consortium).

The candidate must then embark on a course of study covering curriculum areas such as Telecomms and Network Security, Cryptography, Security Architecture and Design, and Physical Security. Then there’s a six-hour exam, consisting of around 250 questions, which demands a circa 70% pass rate. The CISSP must also be periodically renewed. This can be can be achieved by re-taking the exam, though many prefer to submit CPE (Continuing Professional Education) credits, which are also accepted.

Part of a combo

However, a CISSP certificate is not necessarily a passport in itself to a CISSP job. Employers may be looking for it to be combined with other certifications, perhaps related to Risk Management, and which demonstrate a good knowledge of certain ISO standards. Academic qualifications may also be sought. It would therefore be a mistake to hold a “CISSP is all you need” philosophy when it comes to CISSP jobs.

No substitute for experience

Finally, of-course, nothing beats hard-won experience when it comes to working in a variety of information security roles. Many employers will see this as more than worth its weight in gold, and possibly trumping formal certification in terms of making a particular candidate stand out from the crowd.

Although the data is good news for professionals, such as those seeing business continuity jobs in Britain, the Index suggests that the growth is stunted throughout a large part of the continent. Luxembourg was the only EU country outside of the UK with an increase in the number of jobs advertised. The increase was largely driven by increasing regulatory demands, as well as a call for qualified compliance professionals.

Perhaps the harshest falls in advertised European jobs were seen in Switzerland, which fell by 10 per cent, Spain by nine per cent, Ireland by nine per cent and Belgium by nine per cent.

The CEO for Robert Walters Africa, UK and the Middle East, Chris Hickey, commented on the findings:

“There was an element of cautious confidence in the market in Q2, particularly evident in London and the South East. Large financial services institutions showed signs of improvement, and people within this sector have been more confident in seeking new opportunities. There was also greater activity within IT as a number of start-ups sought to expand their European footprint.”

Hickey said that certain multinational corporations maintained their shift towards lower cost areas – namely Birmingham and Manchester – which results in an increased need in these cities for professionals in various sectors.

However, part of the problem in keeping up with cyber security developments is the sheer range of subject matter falling under the information security umbrella. From access control, to cryptography, to malware, hacking, industrial espionage, and the threat of cyber terrorism, the list is seemingly endless. In these circumstances, it can be hard to sort the wheat from the chaff, and figure out the true top priorities for the coming weeks and months. While the plethora of security blogs, newsfeeds, and updates from the major players in the security industry of-course can help, nothing beats contact with fellow professionals; especially when it comes to finding out what’s on their minds right now.

After all, being a security professional in a corporation or large organisation can be a somewhat lonely business. Security specialists often find that there are not many other people with anything close to their job description in their organisation, especially at the executive level. It can therefore be stimulating and refreshing to have some regular contact with fellow security professionals, people who share your exact same concerns, within a convivial, sociable, whilst always informative, environment.

So what’s the solution?

This is exactly where the RANT Forum comes in. The RANT (Risk and Network Threat) Forum, at its regular gatherings, hosted in various cities UK cities, gives IT security managers, CISOs, and various other security professionals, the opportunity to get together, talk about pressing issues of the day, and share ideas. The community has been running for around six years now, and the event takes place on the last Wednesday of every month, usually consisting of a combination of open network and a talk from an expert speaker. The talk is then followed by open discussion.

Previous meetings have included, for example, the following speakers and subjects:

– Vincent Blake, Raytheon’s Head of Cyber Security, talking about user behaviour, how it traditionally challenges any set of security policies and what steps can be taken mitigate this and keep users on track.

– Scott Barnett speaking on denial-of-service (DOS) attacks, under the engaging title “Who turned the lights off?” Barnett covered what exactly DOS attacks consist of and who typically perpetrates them, while also recommending some effective defence measures.

What’s still on the agenda?

A forthcoming talk from Barry Coatesworth, an established IT security expert, will be touching on the intriguing subject of social engineering or, as he refers to it in his title, ‘The Art of Seduction’. Coatesworth plans to talk about malign use of marketing techniques, particularly as they relate, for instance, to phishing.

All in all, RANT is a unique forum for UK IT security professionals, providing some great opportunities for them to keep on top of the most pressing current issues.