The release of the GFSC’s Cyber Security Rules & Guidance last week, shows just what a vast array of areas a business’s cyber security experts or team has to cover. Based on the five core principles of Identify, Protect, Detect, Respond & Recover, under 'Protect' there are 14 different items requiring action; including network monitoring and data loss prevention tools, staff training, Board reporting and the creation of policies and procedures.
With a worldwide shortage of cyber security experts, (estimates are in the millions) and the increase in cyber regulations, getting it cyber right in-house has never been more important but possibly never more difficult. Businesses are therefore looking to outside cyber security providers such as the team at Resolution IT.
James Ogier is a Senior Security Consultant with us and is next in our series of ‘Meet The Team.’
So James, tell us a little bit about your role
I’m part of the growing security team at Resolution IT, helping clients secure their environments and implement security best practice and information security solutions suitable and proportionate to the size and type of business they are. I focus more on the governance side of things, mainly based around the IASME framework, helping clients implement information security policy framework including risk assessment and management, third party and supply chain assessment, asset management, user education programmes and so on.
I am the holder of a ISC2 Systems Security Certified Practitioner certification which is a globally recognized advanced security administration and operations certification. I am also a Cyber Essentials and IASME assessor and can help clients achieve both of these certifications. I also dip into elements of quality management as quite a lot of the information security policies and procedures overlap this area. I spent 10 years working in the aviation industry, starting off as an aircraft engineer and then moving into technical records/quality management so have quite wide experience in this particular area.
We work to help clients secure their environments and implement information security policy frameworks, including risk assessment and management, third party and supply chain assessment, asset management, user education programmes and so on.
The GFSC Cyber Security Rules & Guidance talks about businesses considering some form of certification like Cyber Essentials and Cyber Essentials Plus. As a Cyber Essentials certification centre we obviously believe in their value – they’re a great first step on your cyber security certification journey, whilst IASME pretty much covers off all the GFSC rules.
How do you keep on top of all of that?
Microsoft To-Do, it saves me keeping my ever-growing list of things to do somewhere other than my brain! I love how it integrates with other Microsoft apps; for example, if you’ve flagged an email up in Outlook, it’ll appear as a flagged item in To-Do. With being able to create and share lists between the team it also helps us stay on top of the never ending list of things needing doing across the department.
Do you have an ‘outside of work’ favourite app?
Again, it’s Microsoft To-Do – I think I’m a bit of a list maker!
What do you like about Resolution IT?
The culture. I have been with the company for over five years now and the environment we have built over time cannot be beaten. We have such a camaraderie between all the staff and quite a few of the team are my closest friends. We have some serious competition over the table tennis table at lunchtimes!
And finally, if you want people to take anything about this article, what would it be?
Security, security, security!
Do more of it, get certified to Cyber Essentials at least and allocate more budget to cyber security. The threats are only going to increase in variety and complexity and businesses need to be as prepared and protected as they can be.