Back in June, we launched our first Cyber Expert Group, comprised of security experts from the region's leading businesses. Last week we welcomed our latest member, Steven Cockcroft of CySec Professionals Ltd.
This week we sat down with Steven to discuss; the Cyber Expert Group, what being a part of Greater Manchester means to him, how COVID has changed how his business works, advice for SMEs & more.
Through its wholly-owned websites (Cybersecurity Professionals, Cybersecurity Academy and Cybersecurity Graduates) and global partnerships, CySec Professionals offers opportunity, education and inspiration to both existing and future cybersecurity professionals worldwide. CySec Professionals is an APMG International Accredited Training Organisation (ATO) for the NIST Cyber Security Professional (NCSP) programme and provides NCSC Certified training.
Why did you join the Cybert Expert group with the NWCRC?
A large part of what we do is Corporate Social Responsibility, and joining the NWCRC perfectly fits these objectives. We like to help others.
How have the last six months (lockdown and working from home) and COVID changed how you're working?
We have partnerships around the world and are well used to working ‘remotely’. However, our instructor-led training NIST Cyber Security Professionals (NCSP) courses are currently being delivered virtually instead of the traditional classroom-based format.
We have also seen an increase in the uptake of the eLearning delivery option for training and exams. Our cybersecurity academy program was developed to support delegates globally and is, by design, delivered virtually.
Do you think this change is permanent for the industry in how we've adapted to work?
Interesting question. Remote working is here to stay for many, I suspect, evidenced by many recent announcements by larger organisations in multiple statements indicating a return to the traditional ‘office’ working will be delayed and, in some cases, will not happen as offices are closed permanently. Clients also have expressed the opinion that many employees will not return to the office as remote working becomes the norm.
What advice would you offer small businesses that haven't considered cybersecurity before?
The advice I would give to small businesses is to start with the basics. For example, implementing the five controls within the UK National Cyber Security Centre Cyber Essentials guidance and improving the organisation's security posture from there as appropriate. For a sole trader, that is probably all that is needed.
For organisations with more than a single employee, once the basics are in place, consider the guidance within the 10 Steps to Cyber Security, which crucially introduces risk management to further an organisation's understanding of the cyber risks they face and also introduces staff awareness.
Further guidance is available from there, depending on the context of the organisation. For example, the IASME standard, ISO 27001 and the NIST Cyber Security Framework.
SMEs should remember that certification to frameworks/standards such as Cyber Essentials and ISO 27001 is optional unless there is a compelling business case for the spend. In my opinion, the business benefit for SMEs in the short term is that it improves security and cyber risk management, which should always be the focus.
Why should they think more about staying secure?
All small, medium and large businesses have a presence on and/or devices that connect to the internet. The longer this is ignored and/or risks are not fully understood, and no action is taken, the greater the vulnerability. With increased vulnerability comes an increased likelihood that something will go wrong, either a malicious act, e.g. a ransomware attack or a non-malicious act, e.g. an employee clicking on a phishing email. It’s not a case of if but when!
As well as the financial impact of an incident, SMEs, in particular, should pay attention to the brand and reputational damage that could be caused by a cyber-attack.
The courses you run are available as eLearning and instructor-led training options. What kind of timescale and commitment are your NCSC courses? Are they something someone can do in the evenings, or do they need to set aside days in their calendar?
Delegates choosing the eLearning options have 12-month access granted to the courses so they can study in their own time, at any time, during this period. Perfect for those with a busy 9-5 schedule and those like me who prefer to revisit materials to ensure understanding before sitting the online exam. The exams themselves are booked at a time and date of the delegates choosing.
What does being based in Greater Manchester (and the North West) mean to you? Do you enjoy working in this area?
I was born in Rochdale, joined the military, travelled the world (literally) and came back to Rochdale for various reasons, and I am glad to be back.
The North West does not get the credit and recognition it deserves. It has great towns, fantastic cities and the countryside on your doorstep and of course, the best football team in the world is located at the Etihad stadium. What is truly great about the North West is the inspiration you get when talking to people and the scale of potential. It has been great to see the development of Manchester city centre, for example, and the number of companies being created and growing in the digital and tech sectors. The same opportunity exists for cyber. Hopefully, we can assist in unleashing that potential.
What does the remainder of 2020 look like for CySec Professionals? Are any events in the pipeline?
The next 3 months look fantastic, with initiatives and partnerships being agreed upon across all 3 websites and associated programmes. We are particularly enthused about the interest in our ‘sponsorship’ initiative being driven through the academy, which will help the unemployed, military veterans, graduates and emergency services workers into the profession.
We are also extremely excited about 7 to follow on NCSP Specialist courses due to be released in early 2021, which are currently undergoing various accreditation and certification processes. Our graduate site is currently being developed and will be released early in 2021. We continue to progress partnership opportunities worldwide for all three websites. So, there's a lot to do!
For more information about CySec Professionals Ltd and its services, visit their website.
Comments