Stellar Labs talks to Matthijs Nelissen, co-owner of Cyber4Z, a company who specializes in consultancy in the cyber security world. Matthijs and his team are knowledge partners for Stellar Labs and in this interview. He shares his thoughts on how to build an effective cyber security team, why it’s important, how to design a cyber security training programme that “sticks” and the role of women in the cyber security field.
How to build and train a team of cyber security specialists?
When looking at who to hire to start building a cyber security team for your company, Matthijs stresses the importance of keeping up with evolving technologies. “It’s a very evolving world, so you really have to make sure that people aren’t only knowledgeable but are also able to maintain this. So, you can build a good cyber security team. You have to educate them well. You have to make sure that you get the right work experience and you have to make sure that they stay up to date.”
Technical certifications are obviously essential, but experience is a valuable asset on any team. “Whenever we have a more junior consultant, we let him tag along with a more senior consultant, so he gets the right work experience.”
What about women in the cyber security field?
Matthijs would like to see more women in the cyber security field. “Cyber security is not a man’s world, but the percentage of men is far higher than women. We are already very fortunate to have two women on board, but, yeah, I think the more the better and they bring something else to the table.” As Stella remarked, there are efforts in London to start bringing more women into cyber security: “My daughter works in cyber security and one of the things they’ve started is Ladies of London Hacking Society. Trying to encourage more women into the field.” In Forbes magazine, Priscilla Moriuchi, Director of Strategic Threat Development at Recorded Future discusses why gender diversity is beneficial for cyber security, “We need people with disparate backgrounds because the people we are pursuing, (threat actors, hackers, ‘bad guys’) also have a wide variety of backgrounds and experiences…The wider variety of people and experience we have defending our networks, the better our chances of success.”
Cyber security training methods that “stick”
Cyber4Z has partnered up with Stellar Labs on their cyber security training programmes. Matthijs discusses what makes for a good training programme: “It’s the delivery method that really differentiates this one from others. I’ve done a lot of cyber security training. There is a lot of trainings with a big PowerPoint slide deck and a trainer that is knowledgeable. If you’re lucky, he can deliver very well. If you’re not lucky, you will have very boring training on a very interesting subject, which is a shame and it doesn’t stick. So, I think what really will help is the delivery method. The way we set up the course here. So, you do preparation, you do workshop, you have tasks afterwards. You have repetition built-in.”
Additionally, there’s a more interactive aspect to the teacher-learner dynamic in the Stellar Labs training programme. “I set up and I facilitate every participant to maximize their learning experience. But it doesn’t have to be always me…there’s a lot of research and a lot of things that the participants can do themselves during the labs. Which is different from me just delivering a talk or a training by only broadcasting. I also think it will be a lot more fun. If I look at the material that we’re getting and the type of exercises that we’re building in, it’s really a lot more fun than a traditional training.”
The importance of soft skills on a cyber security team
The cyber security field can contain a lot of “lone wolf” types. But, in fact, communication skills among team members are crucial for a successful cyber security team. Matthijs explains that, “you’re hired because you have a certain knowledge. But it’s not valuable for a customer if you can’t transfer it. And so, you need to have some communication skills…Of course there’s a lot of technical stuff. You have to know the way you pen test, but you have to be able to write a report and to be able to present the findings to somebody that doesn’t understand the technical details.”
If your company is experiencing a threat, it’s important that the cyber security team is able to work alongside other departments in the company to come up with a solution. “In the end, your cyber security team has to work together with all other departments to make sure that the company stays safe. To make sure that the data is not breached or when it’s breached, that it’s resolved/analyzed in a timely matter. So having those like knowledge champions within your team that can also help transferring that knowledge to the organization. I think that’s very important when you build a team.”
Interested in taking our Cyber Security training with Matthijs and our Stellar Labs team? Email us at firstname.lastname@example.org or phone +32 78 48 13 45.