Quelles sont les lacunes les plus courantes en matière de compétences en matière de sécurité informatique dans les organisations ?

To begin with, being passionate about any profession is crucial. Many people simply follow market trends and join a job for the sake of it. However, when they actually step into the field, they often start losing interest. Next, people are not given attention to uplift them. They lose interest after doing the same thing repeatedly for years. They are neither provided with proper guidance nor any additional roles assigned to them. I think C-level and senior management should engage with individuals at all levels within the department periodically, rather than interacting with only a few individuals. They should seek feedback and assess their skills.

It seems that IT security skills gaps are more volatile than ever, mainly due to the fact that the tech environment and the business cases around these are changing in an increasing pace. I would distinguish the gaps into two parts: The Hard Skills, including Cybersecurity Judgement, Compliance/Regulatory Knowledge, Leading Edge Technologies (e.g. AI, Data Analytics) Risk Management and the Soft Skills, that include empathy, communication, minimum effective mindset and adaptability. Bridging these gaps for any professional, would obviously reduce risks, but also increase productivity and sustainability of business.

Humans are the weakest link in the cybersecurity chain. Many organizations struggle with ensuring that all employees have a basic understanding of cybersecurity principles. Training programs often need improvement to keep pace with the rapidly changing threat landscape.

A concerning issue is the lack of cybersecurity fundamentals among IT staff and users. Without this knowledge, they may inadvertently violate security policies, leading to compliance breaches and regulatory penalties. Organizations must prioritize training and awareness programs to mitigate this risk and maintain compliance.

One key thing I look out for when interviewing an IT security personnel is the ability to do research and know what we are trying to protect (research and resourcefulness). The willingness to go the extra mile to understand the system within the context of the business is key to ensuring security is applied appropriately at the right place and at the right time to support business needs and objectives.

Cloud Environments give us a great advantage in terms of scalability and mainly implementing microservices structures, so the permission level must be looked at with the utmost attention, cloud architects often think about facilitating access and they give privileged access to many groups and people within an organization, making the attack surface very large, making each cloud user a possible High-Value Target, which is why implement Threat Modeling solutions, Security requirements for cloud architecture, tools such as CIEM, CSPM, KSPM, CNAPP, among others are very important.

While the IT staff's role is crucial, selecting a trustworthy cloud service provider is equally significant. To identify a reliable service provider, it is essential to examine the certifications they possess, such as ISO27001, HITRUST, and SOC2 Type2. Beyond just certifications, it's vital to assess the scope of the audit associated with these certifications. In summary, even if a cloud service provider holds certifications, an audit report is indispensable for evaluating the maturity of their information security controls.

It's natural to look at a cloud environment and explore how you would do the thing you've always done on-premises, but in the cloud. This is the wrong approach, Instead, explore both the new security capabilities that the cloud can offer, as well as the new attack points for your cloud or cloud-connected resources.

No campo da segurança cibernética, como CISO, a jornada revela desafios palpáveis. Questões como o uso de usuários padrão em administradores locais e a ausência de protocolos essenciais como IPSec surgem como brechas notáveis. Aprimorar a gestão de senhas e fortalecer a sintonia entre a alta gestão e as políticas de GRC são cruciais. A segmentação eficiente e a clareza nas funções representam, na prática, uma defesa robusta. Como líder, orquestrar a sinfonia de segurança exige uma fusão hábil entre tecnologia e estratégia, defendendo nossa postura em um cenário digital dinâmico.

For cloud security, it is very important to have a well-trained IT staff, but equally important is to choose a reputable cloud service provider. To identify a good service provider you need to take a look at the certifications that the cloud hosting service provider has (ISO27001, HITRUST, SOC2 Type2). Apart from having certifications, it is important to check the scope of an audit for those certifications. In short, although cloud service provider has certifications an audit report is a must to determine the maturity of information security controls.

Threat intelligence is very important, but only if it is implemented the right way in an organization. Only an integrated approach to threat intelligence that looks at geopolitical, political, economic, security, and cyber threats, and their interconnection, is the right approach for medium and large organizations that work internationally. Also, it is very important to have an inclusive threat intelligence program, that spans throughout the organization, of course with special attention to IT staff. Threat intelligence should support all other efforts that the company implements to manage risks (awareness programs, enterprise risk management, incident management, physical security, business continuity, etc.)

Nur wenn Bedrohungen bekannt sind kann ich auch darauf reagieren. Daher ist das Management solcher Informationen für Firmen eine wichtige Maßnahme. Persönlich bin ich der Meinung, dass die meisten Unternehmen hier noch zu wenig den Wert erkannt haben und das sammeln solcher Informationen häufig sehr unstrukturiert geschieht. Es gibt bereits für z.B. KRITIS-Unternehmen regelmäßige Lagebilder die vom Bund bereit gestellt werden, hier sollte auch der Staat offener werden und diese Informationen breiter streuen. Leider sind Firmen nur bereit, wenn das IT-Personal gute Argumente liefert. Dies wird durch solche Lagebilder und die Darstellung von Angriffswegen und der Vielzahl der Angriffe einfacher.

Effective utilization of threat intelligence is vital, provided it is applied appropriately within an organization. The correct approach for medium and large international organizations involves an integrated perspective on threat intelligence that encompasses geopolitical, political, economic, security, and cyber threats, while recognizing their interconnected nature. Furthermore, it's essential to establish a comprehensive threat intelligence program that spans the entire organization, with specific emphasis on the IT staff. This program should complement and reinforce all other risk management initiatives, including awareness programs, enterprise risk management, incident management, physical security, and business continuity efforts.

Threat intelligence still refers to collecting IP/Domain from OSINT and use to block in perimeter. We are not bothered about the context, intention behind those attempts, attacks. Root cause for scanning, phishing attacks, that is where TI skills comes handy. Leaders should set a objective for TI and scope. as proactive approach should define threat models, target threat actors and start building the threat database and even before that understand the business and its criticality. Physical and online dangers from adversaries, this will help. Try to build predective threat intelligence based on data collected. Build more preventive and detective controls in tools and process. Divide Tactical, Strategic and operational intelligence

Threat intelligence provides an understanding of the motivations and capabilities of threat actors. It puts security teams in their shoes. By knowing this, security teams can identify which threats have the highest potential to affect them. This can put them one step ahead of threat actors by using the right countermeasures and anticipating the methods used by threat actors.

Within the cybersecurity business, one of the biggest concerns is the talent gap in security automation which is crucial in managing the increasing volume and complexity of cyber threats. Some of the major reasons for this include but not limited to: - Rapid Advancements in Technology: Cybersecurity is constantly evolving, with new attack methods and dangers emerging. Organizations face challenges in keeping up with the latest security automation tools, exacerbated by limited education and training resources. - Knowledge gaps due to inadequate training and development, usually a result of limited training budget. Also, many training programs do not adequately cover security automation concepts.

In the realm of cybersecurity, a prominent issue is the shortage of skilled professionals proficient in security automation, a critical aspect in handling the growing scale and intricacy of cyber threats. Some of the primary contributing factors to this problem encompass, but are not confined to: - Swift Technological Advancements: The ever-evolving nature of cybersecurity introduces new attack techniques and threats regularly. Organizations grapple with staying abreast of the latest security automation tools, a challenge exacerbated by the scarcity of educational and training resources. - Knowledge Gaps Arising from Insufficient Training and Development.

Automation is taking place into operations in hefty ways. We are eliminating manual tasks and replacing with playbooks into SOAR, SIEM. We can maintain KPI in proper way mainly MTTR / MTTD. Orgnisation mindset, capabilities, skills and resource are few road blocker in acheiving automation. My opinion for automation is that we acutally need to integrate in platform out of box like DIY, so to increase the acceptibility and remove complexity. and thereafter focus on niche skills, technologies (AI/ML dangers)

The deficiency in security automation skills within IT staff presents a technical efficiency challenge. In an increasingly complex threat landscape, security automation is essential for rapid threat detection and response. Without these skills, organizations may experience delays, inaccuracies, and increased risks in security operations. Addressing this gap is crucial for improving technical efficiency, reducing human errors, and enhancing the organization's ability to adapt to evolving threats. Implementing security automation platforms and training IT staff in their use and integration is key to meeting these technical challenges.

Die Automatisierung von Sicherheitsmaßnahmen entspricht heute dem Stand der Technik. Angreifer nutzen KI, um Unternehmen zu schaden. Entsprechend muss ein Unternehmen möglichst schnell und intelligent reagieren, um Angriffe abzuwehren und den Betrieb nicht zu stören. Daher gilt es, automatisiert bspw. einzelne Schnittstellen und Angriffsvektoren zu unterbinden, wenn dort ein Angriff erkannt wird.

Having empathy is crucial in IT security. While it may be easy for a security analyst like me to spot a phishing email, it may not be as easy for someone who does not operate in a security or even an IT role. It is important to be non-judgmental and understanding to foster a healthy working environment where information security matters can be shared and discussed without difficulties.

I have seen in my tenure with my teams, one can be incredible talented in terms of tech skills, but very poor in presenting his own work to a larger audience, needless to say this is very common, to address this i would like to focus on: 1. Identify the weak pole and provide more and more oppurtunity to nourish (debate, internal team presentation, document writing etc) 2. Provide more oppurtunity to participate and lead in inter team connection to create visibility, exposure and trust 3. Further, regular connect with IT and Security team to better colloboration, understanding priorities.

I would like to highlight three points in this category 1. Understanding business objectives why an organization exists, what key objectives they want to achieve, and on top how IT security/Cyber security can support achieving this 2. Articulate how security risks would create impact on achieving the objectives 3. Develop necessary technical skills to implement the right (not the best) for organizations. Also organizations must support employees to excel and grow.

People are like water, they'll take the path of least resistance. And if your security tactics are causing that resistance, they'll find a way around them. Soft skills are vital for getting the business onboard with WHY things are in place, instead of constantly hassling them about things to do and not to do. They need to understand a little more about the risks & impact of bad security practices.

Soft skills and communication skills is something that most people who gets in to IT and Information/cyber security care least about however, it is a lot more important than most new people thinks. Technical skills or being specialized in an area is surely important however, if you can communicate the issues and your thoughts clearly and works with others in a team setup, you will soon get highlighted as a good IT/security resource in your organization. At the end of the day, the managers wants people who can communicate well, coordinate with others and more importantly, they wants people who can present the holistic angle of a issue or a solution to them in a clear and concise way so that they can take the next course of action.

The most common gap is in the implementation of IT Security solutions & inability to use logic/common sense as we are so focused in situations or lack organisational constructs that we don't see the obvious. One must have deep understanding of technology, risk management, and business operations. A combination of these skills will allow you to not only protect the technical aspects but also align security measures with the company's strategic goals, ensuring an effective cybersecurity posture. Cybersecurity doesn't exist in a vacuum. It's important that professionals understand the needs & objectives of the business they are protecting. Knowledge of infrastructure security, Network, Cryptography, Cloud, IAM & Software development is a must.

The biggest skills gap is experience. Why? Because the hiring manager is looking for experienced people. Got 2 years under your belt? Great your hired. Just got out of college with a degree in Cybersecurity? Sorry, you do not have experience. Hiring managers need to take the leap of faith and hire that the new person. Take the chance. You may just find your next cybersecurity rock star.

A considerable shortfall common in IT operations is lacking well-defined processes and comprehensive documentation. It's cool to look at threat intelligence or cloud security, but it will be a lousy time if processes or simple things like an IT baseline are not documented. It's beneficial to master the basics before moving on to other aspects of IT Operations as it builds a quality foundation.

Agregar una concientización y capacitación en ciberseguridad según mi punto de vista es fundamental, esto debe realizarse continuamente a toda la organización, todos los años y cada cierto periodo de tiempo, realizando pruebas y test a todos los funcionarios, con capacitación especiales a quienes fallen. Sé de ve incluir también al menos a los proveedores directos y críticos, que manejen sistemas e información crítica de la organización.

The ability to set up and organize security processes. Security tools are implemented without building proper processes to optimize the use of those tools.