As a Junior AC one common task will be attending expert interviews and taking notes. You end up being the knowledge base and the one who can contribute prime pieces of information in meetings that others are not aware of. This may not always be on a topic that you understand before the project, with some technical terms as in the example below. You are not expected to be an expert in all areas and often, it is important to look past the technical language to get the real story beneath it.

The Task:

OC&C is working for a company that offers cyber security testing in the UK and Europe, to help them develop their strategy for the next 5 years. This company's main service is providing 'testers,' who are people that will try to break into their clients' systems to check for any vulnerabilities and exposure that they may have to cyber criminals. Our client is a large generalist in this field.

As part of this process your team is considering factors such as how they compare to other players in the market, and the potential impact of the skills gap to their business. You have interviewed a few industry experts about the market and need to summarise the key takeaways (bullet points) in an email to send to the rest of your team, including the partners.

Please send an email to the team, which answers the below 3 questions by summarising points from the expert interview notes. Please format your response as one bullet point for each answer to the below:

  • Do customers generally use one provider at a time or multiple providers at once and why?
  • What is the most important accreditation for a tester in Europe to have?
  • What trend in the market is causing tester providers to increase their prices & what does this mean for smaller organisations?

Please remember it's important to be concise when summarising these types of documents. There is no need for additional information/research to be able to complete the task; all of the information you require is in the expert interview notes below.

Project Cyber Expert Interview Notes - 1st March 2022

The Market

Have providers been putting up the prices of testers with wage inflation?

  • About 50% have, but only putting them up about 30 a day on average
  • Smaller firms have had to put their prices up slightly, but all have seen a ridiculous increase in salaries of testers

Is this increase because of the skills gap? (Are there not enough testers with the skill set available?)

  • Don't think so - there are lots of people out there, but they think that they deserve more than what companies can offer them
  • Lots of open positions but also lots of people looking for work
  • Highly skilled people know they can ask for 400k plus but smaller companies can't afford that, so smaller companies more likely to choose people without certifications
  • Lots of people are going independent, just this year they know 8 testers who have gone independent because they want a better work-life balance - they can work 12 days a month at 500 a day still earning pretty good money

If I am a customer using these services, would I usually have a single provider? Or use several?

  • In Europe especially the bigger organisations develop multiple sprints parallel to each other, they have a pool of security testing organisations who can help them out in ongoing testing
  • Can compare the work from different companies, if someone is slacking move towards someone who is performing better
  • This will drive more quality in the tests, can challenge the results of different testers more
  • Encourage multiple tests, same piece of software by different people
  • If vulnerabilities found by one tester but not another, then shows poor quality

Accredited providers:

How important do you think both SOC and pen testing accreditations are? e.g., CREST, how important is this?

  • CREST is only UK, it's not important for any other organisation outside of Europe

Is there an equivalent for Europe?

Important that you work according to ISO 27001/2, if you have a pen testing organisation that is not ISO certified then you don't have a chance

What is more important is the certification of the pen testers: way more important as this says something

OSCP is worth way more than CEH as an accreditation in the UK. Quality of OSCP assessment is higher, CEH is basically a multiple-choice exam

There are specific certifications for pen testers and ethical hackers so if they have them that is really good
