Back in June, we launched our first Cyber Expert Group, made up of security experts from the regions leading businesses. Last week we welcomed our latest member; Steven Cockcroft of CySec Professionals Ltd.
This week we sat down with Steven to discuss; the Cyber Expert Group, what being a part of Greater Manchester means to him, how COVID has changed the way his business works, advice for SMEs & more.
Through its wholly-owned websites (Cybersecurity Professionals, Cybersecurity Academy and Cybersecurity Graduates) and global partnerships, CySec Professionals offers opportunity, education and inspiration to both existing and future cybersecurity professionals, worldwide. CySec Professionals is an APMG International Accredited Training Organisation (ATO) for the NIST Cyber Security Professional (NCSP) programme and is a provider of NCSC Certified training.
Why did you join the Cybert Expert group with the CRC?
A large part of what we do is Corporate Social Responsibility, joining the Greater Manchester CRC fits with these objectives perfectly. We like to help others.
How has the last six months (lockdown and working from home) and COVID changed the way you're working right now?
We have partnerships around the world and are well used to working ‘remotely’ although our instructor-led training NIST Cyber Security Professionals (NCSP) courses are currently being delivered virtually instead of the traditional classroom-based format.
We have also seen an increase in the uptake of the eLearning delivery option for the training and exams. Our cybersecurity academy program was developed to support delegates globally and is, by design delivered virtually.
Do you think this change is permanent for the industry in the way we've adapted to work?
Interesting question. Remote working is here to stay for many I suspect, evidenced by many recent announcements by larger organisations in multiple statements indicating a return to the traditional ‘office’ working will be delayed, and in some cases will not happen as offices are closed permanently. Clients also have expressed the opinion that many employees will not return to the office as remote working becomes the norm.
What advice would you offer to small business who haven't thought about cybersecurity before?
The advice I would give to small businesses is to start with the basics. For example, the implementation of the five controls within the UK National Cyber Security Centre Cyber Essentials guidance and improve the security posture of the organisation from there as appropriate. For a sole trader, that is probably all that is needed.
For organisations with more than a single employee, once the basics are in place consider the guidance within the 10 Steps to Cyber Security, which crucially introduces risk management to further and organisations understanding of the cyber risks they face, and also introduces staff awareness.
Further guidance is available from there depending on the context of the organisation. For example; the IASME standard, ISO 27001 and the NIST Cyber Security Framework.
SME’s should remember that certification to frameworks/standards such as Cyber Essentials and ISO 27001 is optional unless there is a compelling business case for the spend. In my opinion, the business benefit for SME’s in the short term is that it improves security and cyber risk management, that should always be the focus.
Why should they think more about staying secure?
All businesses, small, medium and large have a presence on and/or have devices that connect to the internet and the longer this is ignored and/or risks are not fully understood and no action is taken, the greater the vulnerability. With increased vulnerability comes an increased likelihood that something will go wrong, either a malicious act, e.g. a ransomware attack or a non-malicious act, e.g. an employee clicking on a phishing email. It’s not a case of if but when!
As well as the financial impact of an incident, SME’s, in particular, should pay attention to the brand and reputational damage that could be caused by a cyber-attack.
The courses you run are available as eLearning and instructor-led training options. What kind of timescale and commitment are your NCSC courses? Are they something someone can do in the evenings or do they need to set aside days in their calendar?
Delegates choosing the eLearning options have 12-months access granted to the courses so they can study in their own time, at any time, during this period. Perfect for those with a busy 9-5 schedule and those, like me, who prefer to revisit materials to ensure understanding before sitting the online exam. The exams themselves are booked at a time and date of the delegates choosing.
What does being based in Greater Manchester (and the North West) mean to you? Do you enjoy working in this area?
I was born in Rochdale, joined the military, travelled the world (literally) and came back to Rochdale for various reasons and am glad to be back.
The North West does not get the credit and recognition it deserves. It has everything, great towns, fantastic cities and the countryside on your doorstep and of course the best football team in the world located at the Etihad stadium. What is truly great about the North West is the inspiration you get when talking to people and the scale of potential. It has been great to see the development of Manchester city centre for example and the number of companies being created and growing in the digital and tech sectors. The same opportunity exists for cyber, hopefully, we can assist in unleashing that potential.
What does the remainder of 2020 look like for CySec Professionals? Any events in the pipeline?
The next 3 months are looking fantastic with initiatives and partnerships being agreed across all 3 websites and associated programmes. We are particularly enthused about the interest in our ‘sponsorship’ initiative being driven through the academy which will help the unemployed, military veterans, graduates and emergency services workers into the profession.
We are also extremely excited about 7 to follow on NCSP Specialist courses due to be released in early 2021, which are currently going through various accreditation and certification processes. Our graduate site is currently being developed and will be released early in 2021. We continue to progress partnership opportunities worldwide for all three websites. So, there's a lot to do!
For more information about CySec Professionals Ltd and the services, visit their website.