OK, so the guys you hire probably won’t be hacking into the Matrix anytime soon. But what exactly will they be doing? Hopefully this handy cheat sheet will help.
1) Chief Information Security Officer – CISO
This is the top dog, the head honcho and Lord over all things Cyber Security. If you ever get an email from the CISO it is probably not good news. Just delete it and deny all knowledge. If you ever have to actually hire one, good luck. Good ones are as rare as hen’s teeth. Could be a logical progression for a BISO.
2) Network Security Consultant
His job is designing a network that keeps the bad guys out and lets the good guys in. Expect their CVs to be littered with Cisco devices, firewalls and Intrusion Detection Systems. Careful though not to just recruit a network guy; they will need to understand the subtleties of Cyber too.
3) Application Security Consultant
Has got to be able to talk to and collaborate with developers, advising them how to make their applications secure against hackers. And might do a little bit of hacking on the side too. Don’t let him borrow your iPhone.
4) Data Protection Officer
These guys should be given a medal for what is probably the most boring job on earth – and one which is basically impossible. It is their job to know about every single bit of data on your network; and how confidential it is; and who owns it; and whether it has ever been emailed to anyone. Oh, and to make sure it gets deleted after its use-by date. Lucky them!
Also known as Data Protection Manager or Data Governance Manager.
5) Penetration Tester
Just a hacker under a different name, who uses his skills for good. Recently there has been a bit of a dumbing down with overuse of automated tools. If that’s what you are after then fine, but to me you’re not really a penetration tester unless you can write your own exploits.
Also known as Ethical Hacker.
6) Cyber Intelligence Officer
Uses Open Source Intelligence to determine if a bunch of nasty hackers are on a crusade to despoil your network. Ideally he will also know how they plan to do this, giving you the opportunity to build up your defences. Essentially spends his time in dark web forums so you don’t have to. He’s probably a double agent, and already has your credit card details. Be very afraid.