Industry Spotlight – EOS Risk Group: Employment training – a necessary expense?

Jack Wynn

There are a number of qualifications employers require individuals to gain before they are considered for numerous positions in the sector, including close protection operative, maritime security officer, security manager or risk advisor. This is no secret and is widely viewed as the ‘status quo’, but does the need for training stop there?

Some would argue the requirement is in place to ensure those recruited are completely suitable and have previous experience, and are therefore fully qualified to fulfil the job duties without the need for additional training. Of course, security professionals investing financially in appropriate qualifications is vital to securing a sought-after position, but even more crucial is post-recruitment training provided by the employer.

How many contractors will go out of their way and pay for additional training when a dreaded document renewal isn’t required? It’s safe to assume the majority will not pay for a renewal they are not required to evidence. Therefore, employers may look to provide training to their contractors. This isn’t to replace the need for third-party accredited training, but simply to provide the opportunity to upgrade skills. If training courses aren’t completed when off rotation, where are new skills learnt and existing skills refreshed?

Employer training also allows the employer direct interaction with their workforce. It makes sense to ensure the personnel delivering such products are completely up to speed and can call on their training whenever required. A generalised guess would be that very few contractors have received training on the ground from their employer. The reasons why are complex, but the main explanation is cost. Inevitably, it is vital to keep costs in mind to ensure profitability, but the benefits of employer training offset this cost in both money and time.

Contractors may have only seen a company representative during the recruitment process, so this face-to-face interaction with the employer is extremely valuable and morale-boosting. It also provides a way for employees to voice issues. By being proactive and delivering training, companies open a dialogue with contractors which may give them ‘on the ground’ insight they would not have access to otherwise. The main benefit of training remains that in highly volatile environments, security professionals need to call on skills at a moment’s notice. If the skills in question are regularly practised and refreshed through training, this will make a crucial difference in a hostile situation.

Therefore, is it not part of the employer’s duty of care to provide training to personnel on the ground, to improve their operational capabilities? Training also allows employers to assess the ongoing competency of their contractors and identify training needs.

Security contract budgets can be constraining, and the value of offering continuous training is not recognised by many organisations. However, in a competitive market, a focus on training and continuous development makes the difference from one provider to the next. A company can recruit contractors who are experienced and may not be seen as needing additional training, but through lack of regular training, even the most capable security professional can make mistakes. We have seen all too recently certain industries failing to comply and the cost of that failure. Companies fail to invest in training their contractors in order to reduce expenditure, but the potential consequences of lack of training come at a much greater cost.

Words by Richard Baskeyfield, senior co-ordinator, Training & Recruitment at EOS Risk Group

e: richard@eosrisk.com | w: www.eosrisk.com

Guest Blog, Adrian Crawley: Transforming security skills for a changing industry landscape…

Jack Wynn

Talk to any security specialist and they will tell you that, today, the number of different security attacks they potentially face is overwhelming. It’s the direct result of two trends. Firstly, professional hackers have become more sophisticated in their approach, using automated attacks whereby robots are used to launch very advanced persistent attacks. Secondly, the new wave of ‘off the shelf’ hacks that can be bought for as little as £20 are able to cause untold damage to a network.

Of course, bots aren’t new, but this year alone the industry has seen an extraordinary rise in their use, posing a big question to company security experts – can we cope? And the simple answer is no. Trying to respond to bots and make complex decisions quickly enough is something the human brain is simply not equipped to deal with; nor is it capable of managing high intensity attacks for days on end.

In response, more and more companies are employing good bots to fight back in a bid to move their security experts from the front line to more strategic development roles.

Strategy is such a fundamental part of security today. No longer is it possible to react on the spot; you need to anticipate the threats and stay ahead. Plus, it needs to be done in line with the overall company strategy and in conjunction with suppliers.

Suppliers are often overlooked, but today skills need to extend beyond your organisation and ensure that your internet service provider (ISP), for example, won’t be the ‘cyber domino’ that takes you down. ISPs are one of the most targeted facilities because they are an easy route to attacking hundreds of companies at a time – attack once, damage many. The development of contracts that cover this risk is common practice and should not be underestimated.

In terms of company strategy, if you are moving to an internet of things model, or have ambitious plans to expand market share, your networks, and your partners’ networks, will inevitably need to change and be able to manage a new level of demand to ensure consistent delivery and a great customer experience.

That’s why finding the tools that will always detect and mitigate the risks is an essential part of network and application delivery today. However, it’s also a necessity to know what the risks will be; they change so rapidly and it can be an impossible task to monitor the risks when you already have other responsibilities.

It’s thought that more than 20 per cent of companies are now turning to ex-hackers for help (37 per cent say they are considering it). As risky as it may sound, many IT directors have identified that they are able to tap into sources in the ‘darker’ web and listen in to conversations that are happening between individual hackers and organised groups. They are also able to spot the malicious technology developments and even tell you the next target, well before they hit.

As I say, for security professionals that have built a reputable career, this whole approach can seem an oxymoron. Why potentially cultivate an enemy within? It’s therefore important to have the right checks and balances, and day-to-day management skills in place to ensure conduct is above board at all times. Or indeed, assess if a security partner who employs the skill is a better option.

Whatever path you choose, the future will be constantly changing, and when security attacks are a question of when, not if, every company needs a plan in place. How they are shaped will be down to the organisation and the sector it operates in, but understanding how technology and skill are blended will be an essential part of a successful strategy.

Adrian Crawley is responsible for the Northern EMEA region at Radware, specialising in network and application security. He oversees the cyber security for international brands as well as medium sized enterprises in a mix of sectors including finance and insurance, retail, utility, public sector and telcos and ISPs.