What’s the cost of cybersecurity change?

Grayce Analyst, Jonathan Smee discusses his role working in cybersecurity for a magic circle law firm.

Increased cyber threats

Cyber threats are ever-changing and constantly become more advanced. If firms don’t maintain high information security standards, then they will likely fall victim to malicious groups stealing data and disrupting networks which directly impacts firms’ operations. It needs to be understood that malicious groups do not discriminate on who they target, meaning any firm can fall victim to a cyber-attack.

The growing trend of state-sponsored attacks is particularly concerning as, unlike traditional hacktivist groups, they utilise sophisticated technology and receive a significant amount of investment to carry out cyber-attacks. If firms neglect their Cybersecurity functions, then they are at high risk of being involved in major cyber incidents on the same scale that DLA Piper and the National Health Service experienced.

Demand for talent against a global shortage

There is expected to be a global shortfall of talent by 2020, of over one million so the demand exceeds the supply across many industries. Cybersecurity teams are now forced to take alternative approaches for securing this type of talent. These can include retraining current IT staff or from sourcing external contractors who are specialists in Cybersecurity. Grayce provides a cost-effective and high-quality solution, helping bridge the Cybersecurity talent shortage.

Grayce is developing Cybersecurity talent

As a Grayce Analyst, I joined the Development Programme and gained accredited qualifications in change management, project management and business analysis. I’ve been able to apply what I’ve learnt in my Cybersecurity client assignment. I’m part of a Grayce team, working on-site with the client as they look to develop talent and build their team.

Working in the Tactical Unit of the Information Security Group, I support Cyber Incident Response, Audit and Governance and Data Privacy activity. I ensure best practice is followed with requests and checks, but also have a broader role where I am involved in change management projects that help to maintain the confidentiality, integrity and availability of information at the client.

The Information Security Group at my client is a relatively small team and it’s fair to say that my colleagues had capacity constraints before we joined. As a result, the team were unable to implement change effectively or propose better ways of working. The additional capacity provided by the Grayce Analysts in the team has enabled benefits to the wider organisation through the delivery of change and from the ability to identify vulnerabilities that may have otherwise been overlooked.

Delivering real benefits

The work Grayce Analysts deliver allows the client to respond proactively to malicious groups attempting to compromise our networks. Many organisations respond reactively, and this is where data leaks and costs can be severe! It’s particularly important within the industry I’m currently in as they are prime targets for cyber-attacks due to the significant amount of data held on their clients which, if stolen, could be used against them.

I’ve been able to use numerous BA skills in this current client assignment depending on the needs of the business, as demands change every day. Stakeholder relationship management is key as you deal with a variety of departments in the role.

I regularly address complex business problems moving processes from ‘as is’ to ‘to be’ states. Sometimes these requirements aren’t always clear, so we run designated workshops with key stakeholders to conduct requirements engineering. I also actively map out end to end processes and regularly make recommendations of methods to streamline processes, to remove waste and increase efficiency.

If you’re looking for ways to build your Cybersecurity talent pipeline, Grayce provides a sustainable and cost-effective way to build teams of highly capable people.