During the current era, both big companies and small start-ups, are using Information Technology for ease of doing business, however it makes them vulnerable for Cyber-attacks. So, it becomes necessary for them to use Cyber security professionals e.g. CISO (Chief Information Security Officer) in order to protect information assets. ,It goes without saying  that information security activities in any organization consume more resources than ever before. Cyber criminals (Hackers) are becoming better all the time, and staying ahead of them is getting tougher. However, it’s not just more zero-day attacks by sophisticated criminals; competitors, growth of the organization, elevated infrastructure complexity and new compliance requirements also desire more cyber defence staff, adequate time and right technology to avoid becoming a victim of a cybersecurity breach.

In earlier days security was primarily focused on physical access to facilities and resources, or adding layers of logical controls to protect business application and data. However, security concerns of the present era don’t fit into this old traditional way anymore. Security concerns impact every aspect of an organization’s operations and should be an integral driver of strategic planning, along with all decision for future expansions.

Since cyberattacks have become smarter and more sophisticated at exploiting vulnerabilities, with the availability of many open-source tools it is easier for hackers to launch new attacks every other day. For the organizations and start-ups cyber security shall be a proactive program rather than a reactive which is to be launched at the time of cyber-attack. Thus, information security is an integral part of organizational strategic growth. It is just as important as goodwill, financial turnovers and product quality.

What is Chief Information Security Officer(CISO) and Virtual Chief Information Security Officer(V-CISO) ?

Top management team should be aware of the impact of lack of information security on their organization’s profitability and durability. A shortage of information security in the organization could result in heavy fines for non-compliance, punitive rulings after finding liability or negligence, or a loss of customers and partners after a confidence-shattering breach. There is a big risk of underestimating information security and it is too big to ignore.

In order to address the growing awareness of information security’s importance to strategic planning, many larger organizations and start-ups include a Chief Information Security Officer (CISO) at the executive level. Chief Information Security Officer is the executive who is responsible of Information security and cyber security compliance in the organization.

Many a times companies cannot afford the cost of having own CISO because of the huge salary range. There are situations where the organizations including start-ups need a CISO , but the budget doesn’t allow for a full-time person in that position.

However, there is a cost effective alternative. Organizations specially start-ups that lack the budget for a full time CISO can opt for an outsourced solution: The Virtual CISO, or V-CISO.

A Virtual-CISO is a information and cyber security expert who uses the expertise  of his/her years of industry experience to help organizations and start-ups  by developing and managing the implementation of the organization’s information security program in order to attain various government and non-government compliances. At a high level, V-CISOs help to build the organization’s security strategy, implementation and its management as well.

Organization’s internal security staff may work and report to V-CISO in order to strengthen the information security and cyber security framework and make it more impactful. In addition to this, the V-CISO is usually expected to be able to present the organization’s state of information security to an organization’s board, management team, auditors, or regulators.

Benefits of having a V-CISO

A V-CISO is generally a cybersecurity professional who works part-time basis offering information security services to multiple organizations at a time, working for several throughout any year. This gives organizations a flexibility to hire part-time CISO on requirement basis.

The V-CISO fills several needs through different types of services, including:

• Information Security and Cybersecurity guidance to management executives in order to adhere compliance guidelines
• Information Security architecture guidance
• Incident management including response
• Governance plans
• Cyber Security readiness assessment
• Compliance alignment recommendations (for ISO 27001,RBI Guidelines for banks ,NBFC, HIPAA, GDPR, PCI-DSS, CCPA and may more)
• Remediation prioritization
• Business Continuity Planning and Disaster Recovery Plans and DR drills.
• Identification of scope and objective for the information security compliance
• Risk management (risk identification and treatment)
• Vendor risk management
• Coordination of audits by regulators or customers

Why you organization need a Virtual CISO?

If your organization needs more information security compliance -related guidance at the management level, consider whether a V-CISO would be a good potential option. If you are a a start-up and your budget won’t support a CISO, you might need a V-CISO .If any of the below mentioned scenarios  are similar to  your situation, your organization might need a Virtual -CISO.

• If you are start-up and are really unaware whether you’re vulnerable to cyber security breaches: If your organization hasn’t yet assessed its information security risk, you might need a V-CISO to initiate and support that process.
• Your organization has been breached and no one from your team was able to detect the attack: Post-breach investigations and recommendations often lead to organizational leadership remodelling. One of those remodelling includes information security member of the executive suite. If this is the case, you might need a V-CISO.
• If you are a start-up dealing with critical customer data: In this case if you don’t want to hire a full time CISO, you need to have a V-CISO in order to safeguard your information assets and avoid high penalties because of non-compliance of various regulations
• Important or major changes have occurred that could impact security: If your organization is having mergers or acquisition, security risk should be assessed. Any significant outside influences, such as a global pandemic or natural disaster, which could impact business continuity as well all information security. If your organization doesn’t have anyone who can guide during these times and ensure security is not compromised you might need a V-CISO.
• If your organization wanted to share the workload for the existing CISO: Changes to the organization scope or environment, including new regulatory compliance requirements, may increase the demands of a CISO beyond their current capability. If your existing CISO requires helping hand, you might need a V-CISO.

There could be multiple reasons to have a V-CISO for your organization. An experienced V-CISO will provide valuable guidance and customised solutions as per your organizational needs. As well as it will save you from the burden of paying salary of a full-time CISO.

How to find a right V-CISO?

If you are struggling in your day-to-day information security requirements V-CISO would be a beneficial to your organization, and decided to have one. The very next step is how find the right one. A good amount or research and investigation can help you. Online reviews and existing customers feedback can help you to find a good fit, knowledgeable V-CISO for your organization.

The general process for engaging a V-CISO generally flows like this:

• Set up an initial consultation meeting (commonly one hour at no charge)
• The V-CISO delivers a proposal of scope of work including high-level information security readiness, proposed services and costs
• You may accept or reject the proposal, and then moves forward

• If you decide to engage a V-CISO, then negotiate an agreement that meets your requirements. If you need periodic gap and risk assessment and remediate report, make sure that is explicitly mentioned in the agreement deliverables.
• An agreement with a V-CISO can be set up for a hourly, monthly or quarterly basis . Make sure that you are getting the services you are paying for.
• A V-CISO can be an affordable and flexible approach to adding extensive information security experience and wisdom to your management team. If a V-CISO is a good fit, it can help your organization to identify and safeguard the weak links which could lead to aggressive cyberattacks.

#Key words- CISO,Virtual CISO, VCISO,vCISO, ISO 27001,GDPR,RBI, cyber security, information security, compliance, hackers, cyberattacks.

CYBER SECURITY CERTIFICATIONS FOR BEGINNERS

Information Technology has become an integral part of every business now a days irrespective of its nature and size. Information Technology brings a lot of ease of doing business at the same time it increases risk as well. Businesses are taking cyber security risks seriously which has made Cyber Security is a good career option now a days. There are multiple certification available in the market which can help anyone to get into cyber security. These certifications are blend of existing technologies and security. To become a successful Cyber Security professional one has to be good inboth networks and application. Below are few training and certification courses which any beginner can pursue to start his or her career in cyber security.

CCNA(R & S) (ROUTING AND SWITCHING)

CCNA(R&S) or Cisco Certified Network Associate is the most popular certification to start a career in IT and cyber security. This certification has global value.

Perquisites: There is no perquisite for CCNA certification. Candidates should have interest in networks and IT infrastructure

What the participants will learn?

CCNA certification training gives a deep insight of networking .It helps students to develop a complete understanding of IT networking and different kind of network topologies in order to form efficient and secure networks. It also provides deep level understanding of different routing protocols as well.

What are the Career option after this certification?

After successful completion of CCNA training and certification program one can start his or her career as

• Network Associate,
• Network Administrator
• System administrator
• Network Engineer
• Technical Support Engineer

CCNA (SECURITY):

Cisco Certified Network Associate(Security)is an entry level globally recognized certification for the aspirants who are planning to build their career in Network Security and cyber security

Perquisites: CCNA(Routing and Switching)

What the participants will learn?

CCNA Security certification training helps candidates to learn secure network architecture. After training participants will be able to install, monitor and configure various network security devices like Firewall, VPN, Routers and switches, IDS, IPS

What are the Career option after this certification?

After successful completion of CCNA Security certification and training candidates can pursue their career as:

• Network Security Engineer
• Network Support Engineer
• Network Security Specialist
• Network Security Administrator
• Network Security Analyst
• MCSA

Microsoft Certified Solutions Associateis a globally recognised certification from Microsoft which provides great career opportunities in the field of network system and technical support. This is one of the most sought after certification in Information Technology infrastructure.

Perquisites:  There are no perquisites, however a good knowledge of network fundamental and databases will be helpful

What the participants will learn?

MCSA training and certification will help the candidates to learn installation and configuration of Windows Server 2016. Candidates will also learn Windows administration .MCSA training and certification will generate the skillsetthat focus on designing and producing technological solutions

What are the Career option after this certification?

• Network Administrator
• Database Administrator
• Technical Support Specialist
• Systems Administrator
• Computer Network Specialist

RHCSA

Red Hat Certified System Administrator is a certification for developing skillsets in working Red Hat Enterprise Linux environment. This is also a very popular and globally recognised certification.

PerquisitesThere is no prerequisites for the certification.

What the participants will learn?

This training and certification will help the candidates to understand Linux command line environment, file and directory structures. Creation and Configuration of files and file systems using command line. Manage user and groups. Management of basic security configurations like firewalls etc.

What are the Career option after this certification?

Few of the career options are:

• Linux System Administrator
• System Analyst
• System Engineer
• Server Administrator
• CEH

Certified Ethical Hacker is a certification from E C Council which provides an offensive approach of Cyber security i.e. how the networks and application can be hacked. This is a very popular and globally recognized certification.

Perquisites: Candidates appearing for this certification should have basic understanding of networks, servers and databases.

What the participants will learn?

Participants attending CEH training will learn about different phases of hacking like information gathering, network scanning, enumeration, attacking and how to delete footprints after successful attack. This training and certification gives you a hacker’s perspective while attack.

This program also gives a deep understanding how networks, application Wi Fi, IoT devices can be attacked by using loopholes and vulnerabilities in the existing systems.

This certification develop a basic and initial skillset of hacking(security testing) among the participants.

What are the Career option after this certification?

There are multiple career options after successful completion of CEH training and certification course. One can pursue career as:

• Network Security Engineer
• Security Engineer
• Vulnerability Assessor
• Information Security Analyst
• Information Security Consultants
• Cyber Security Consultant
• Web Application Penetration Tester
• Network Penetration Tester
• ISO/IEC 27001 LEAD AUDITOR

ISO/IEC 27001 Lead Auditor is a globally recognised certification in the field of cyber security and information security. A certified Lead Auditor understands the mandatory requirements of information security and is well versed with the process of auditing.

Perquisites: To become ISO/IEC 27001 Lead Auditor candidates should have 2 years of Information Security Auditing experience.

What the participants will learn?

After successful completion of ISO/IEC 27001 LA program candidates will able to perform information security audits in any organisation. Candidates will learn the Information Security Management System as per ISO 27001 & all its controls and how to plan, conduct and close an audit according to ISO 19011.

What are the Career option after this certification?

Career options after this certification are:

• Information Security Internal Auditor
• Risk Assessor
• Lead Auditor
• Risk Manager
• Information Security Consultant

Cyber Security scenario is rapidly changing, new technologies are coming in the market and old technologies are getting obsolete. One needs to know the basics irrespective of the technology domain in which he or she is working. One can choose the complete suite of certifications or a few certifications as per their interest. Cyber security is also about innovation where one can make their own customised solutions according to the organisations need against the current and upcoming risks.

# Keywords:  Cyber security, Information security, CEH,CCNA, ISO 27001 LA, risk, threat,MCSA, RHCSA, certification

# Tags:  career, jobs, cyber security, Information technology, beginner, certification.