cyber

Free cybersecurity seminar will focus on physical security systems and star ethical hackers

BSIA The British Security Industry Association (BSIA) has announced a free seminar on cybersecurity and data protection for both installers and users of physical security systems. The half-day event will focus in particular on addressing vulnerabilities of physical security products that are connected those that are accessed or operated remotely via the internet. So whether you procure, operate or install IP CCTV, IP access control, IP intruder alarms, IP fire systems and other connected systems, the event is relevant to you.

Also supported by the Fire Industry Association (FIA), the seminar will take place in Solihull, West Midlands on 4 October. The introduction of the GDPR, which comes into force from 25 May 2018, is raising the stakes when it comes to strengthening protections against data breaches. Fines for non-compliance could be as much as 79 times greater than under the existing data protection regime. The GDPR and its implications will no doubt be a big attraction for those who attend the seminar. Cybersecurity experts from the West Midlands Police digital cybercrime team and the Scottish Business Resilience Centre s team of ethical hackers will also deliver presentations. Another session will discuss the Cyber Essentials accreditation, while the BSIA will review its own work in the cybersecurity field. Exhibition space is still available to companies wishing to showcase products and services to a wide range of delegates from the fire and security sectors. A limited number of stands are still available to book, priced at 395 + VAT for BSIA and FIA members, and 495 + VAT for non-members. Registration for the event will be open from 9:00am, with presentations kicking off at 9:45am and the event expected to finish at around 13:30.

A full programme and online booking forms for both delegates and exhibitors are all available from the BSIA s website. Free Download: the CyberSecurity Crashcourse Are you even aware if you have been the victim of a cybersecurity breach? This report will help you to find out and protect yourself, Eric Hansleman from 451 Research presents a rapid-fire overview of cybersecurity , because a firewall just won t do, you need multi-layered defences to truly protect your data.

Click here to download now

Bitcoin exchange seized over $4bn money laundering indictment, but regulations remain a minefield

Cryptocurrencies Six US law enforcement agencies, including the Secret Service, recently seized a bitcoin exchange, despite the fact it was registered in another country. Alexander Vinnik, alleged to be the operator of BTC-e, has been charged with 19 counts of illegal money transmission and money laundering. Vinnik and the bitcoin trading platform stand accused of laundering more than $4bn worth of illicit funds since 2011.

The value of bitcoin reached record highs recently, breaking through the $4,500 barrier. The world s most widely used cryptocurrency, which is transacted between parties without an intermediary such as a bank, is used widely in cybercrime. In the wake of several high profile ransomware attacks, many businesses in the UK have preemptively purchased Bitcoin in case they need to pay a ransom to unlock time-sensitive files. A leading cybersecurity executive believes improving regulation of the cryptocurrency won t be easy, but directed wisely, could be very effective in undermining bitcoin s value to criminals. Recent raids of by US law enforcement agencies against the companies involved in bitcoin mining and exchange business, probably exposed a lot of inconvenient truths about the dark side of unregulated cryptocurrencies, said Ilia Kolochenko, CEO of cybersecurity firm High-Tech Bridge. We should expect more attempts to regulate bitcoin and other cryptocurrencies. However, few of them will likely be successful due to technical infeasibility. Nonetheless, the administrative burden and costs, and severe penal sanctions for non-compliance can play a major role and preclude cybercriminals from using bitcoin in total impunity. It s similar to gold: if you cannot sell it for cash, or other tangible and untraceable goods, it becomes useless.

Free Download: the Cyber Security Crashcourse This report contains 40 slides packed with insight into the trends shaping the industry and how you can protect yourself.

Eric Hansleman from 451 Research presents a rapid-fire overview of cyber security.

Click here to download now

The phishing threat in numbers

infographic Did you know that the average company with 10,000 or more employees spends $3.7m a year dealing with phishing threats? For more shocking facts and stats about this persistent threat to data security check out the infographic below. This infographic has been designed by Inspired eLearning, which is dedicated to delivering the highest quality enterprise educational products that transform corporate culture, nurture and enhance workforce skills, and deliver maximum ROI for the corporate education budget.

Free Download: the Cyber Security Crashcourse This report contains 40 slides packed with insight into the trends shaping the industry and how you can protect yourself.

Eric Hansleman from 451 Research presents a rapid-fire overview of cyber security.

Click here to download now

Radiation-blocking underwear and 18 other bizarre smart things that could let hackers into your smart home (and one device to protect you)

No object, however mundane, cannot be improved with a computer chip: this seems to be the philosophy driving development of smart things in the smart home arena. It was partly this scattergun approach that prompted Wired magazine to prophesise the demise of the internet of things (IoT) at the start of 2017. Click on the icons in our infographic below to check out 19 of the most bizarre or according to IoT sceptics pointless devices that are creating new vectors of attack for cybercriminals.

Security is little more than an afterthought on too many devices, with criminals able to guess default usernames and passwords by trawling Google. We haven t chosen these 19 devices based on security some may have very rigorous security mechanisms in place. Rather, we chose the most bizarre devices, and paradoxically, in this context, bizarre also means mundane the point being: is a smart hair brush or smart fork really going to deliver benefits that warrant creating new avenues through which hackers could break into your home network? Several products designed to boost IoT security were launched at CES 2017, suggesting the industry is waking up to the threat. We ve included one of them below flagged with a red icon. Free Download: the Cyber Security Crashcourse This report contains 40 slides packed with insight into the trends shaping the industry and how you can protect yourself. Eric Hansleman from 451 Research presents a rapid-fire overview of cyber security.

Click here to download now

The Cyber Intelligence and Security Centre: Businesses are only seeing 50% of the problem

Barely a week goes by without a major company being brought low by cybercriminals. But if cybersecurirty is now firmly under the media spotlight, a key vulnerability is routinely ignored: people, not the network. We spoke to James Taylor of The Cyber Intelligence and Security Centre and Greg Oakley of its sister company, Sorinteq, to find out more.

The Cyber Intelligence and Security Centre is exhibiting at IFSEC International between 20-22 June 2017 at London ExCeL. You can find them on stand C1810. Get your free badge now. IFSEC Global: Please tell us a bit about your organisation. Greg Oakley: We are essentially a cyber-defence, cybersecurity and cyber intelligence organisation. So we cover three areas. Cyber intelligence is the missing piece of the puzzle in many cybersecurity companies. We re a sister company of Sorinteq, which delivers ex-listed cyber training to UK and international governments and law enforcement. The Cyber Intelligence and Security Centre delivers the same typology of services and training but to the non-governmental commercial sector.

We examine network and software security. We review processes and policies. But significantly we will check for physical vulnerabilities and very much look at people. It s this that sets us apart from the competition. Human frailties can be exploited to the benefit of someone who thinks like a hacker. That s part of the service we deliver: thinking like a hacker IG: And what does looking at people entail in this context? GO: Most people understand that software can be penetrated. What they don t understand is the significant vulnerability that staff and other people can present to a company. Humans have vulnerabilities and they can be socially engineered.

Hacking the human , or social engineering, is the manipulation of human behaviour to achieve your objectives. In other words, how do I get this guy to do something wittingly or unwittingly, unconsciously or intentionally, for an ulterior motive without his or her knowledge? IG: Like how phising or ransomware relies on duping someone into clicking on a rogue link? GO: That s an example. But it s also human behaviour, traits and characteristics. Human vulnerabilities include not wanting to offend, wanting to please, naivety, sometimes ignorance The human element of what we deliver, in terms of training and software, mean we expose companies to areas they wouldn t necessarily give a thought to. Criminals can use social media to profile you for exploitative purposes. What people most likely don t understand is how they leave residual data, a residual footprint, on a day to day basis. IG: And they can use that data to make educated guesses at the password you might use based on date of birth, their dog s name or favourite football team?

James Taylor: That can form part of it but you can go deeper than that. They could theoretically develop a relationship through social media, start to influence that individual s behaviour. As Greg referenced, it s using social norms to please someone, leveraging human behaviour effectively. That s primarily where we specialise. GO: Human frailties can be exploited to the benefit of someone who thinks like a hacker. That s part of the service we deliver: thinking like a hacker. IG: What kind of people are you hoping to meet at IFSEC? JT: I feel most companies in a commercial sector would benefit. I ll give you an example.

Let s say you have a company and you are making 20 people redundant. You give them notice and in six months time they lose their jobs. We would look at that and say you now effectively have a group of employees that are theoretically very disgruntled with the potential to compromise your business. What safeguards are you putting in place for that insider threat? Even if you re a company that doesn t operate in the digital sphere, it doesn t really matter. If you have assets and I mean employees, equipment, stock, anything you re effectively vulnerable. GO: A question we re often asked is how do you mitigate threats against your company when you don t know what those threats are ? It s only when Cyber Intelligence and Security Centre staff come along and work with a company that they start to have an understanding of what the very non-obvious and significant threats are. The three questions I d ask to IFSEC visitors are: Does your company employee people?

Does your company have an IT network? And does your company have a premises? If the answer is yes to all three then we re very confident we can provide a very sound and interesting dynamic risk assessment in terms of security. Whether you re running the most complex software in the world, have both proactive and passive systems, encryption, firewalls etc it all starts and ends with the human factor IG: How are you approaching IFSEC? What can visitors expect to happen on your stand? GO: We ll have three people there: two on the stand and one walking around and engaging with attendees and other stand holders. You re not going to be able to walk away from our stand with a top and tail around a range of variables. What we can do is have a conversation getting a meeting off the ground at your premises resulting in a bespoke, made-to-measure plan for your company. IG: Is it becoming easier to get custom in your sector given the huge and growing media coverage of major breaches and cybersecurity generally?

JT: A two part answer. It is growing. You see an international hack occur. Companies are panicked. But they re still thinking about the network side of the coin and only seeing 50% of the problem. We give them the full picture. Because actually, whether they re running the most complex software in the world, whether they have both proactive and passive systems, encryption, firewalls etc it all starts and ends with the human factor. So for us it s very much about getting a company to identify that as a credible threat, to look at how a hacker would approach your business. Because I guarantee it s not the way you think they will approach it.

And on top of that you have the insider threat. So we work on something called a cyber-risk exposure review. That consists of identifying all potential vulnerabilities within that business that they re not already aware of. Once the cyber risk exposure review has occurred and we ve checked what we need to check, sat down with relevant persons in that company, that s when we design the training. The training will consist of what I would class as end users. So if it s the NHS then we upskill the doctors or nurses around security and what they do online and take this all the way up to board level. We talk about risk and footprint not only in their professional life but their personal one too. Because from a hackers standpoint, social media is a rich source of data. But it might be less direct than social media.

Take a director of, let s say Ford. He might be security-conscious and not have Facebook, LinkedIn or Twitter accounts. But I would ask him if he has a wife, kids? Are they using social media? What are they saying online? They re probably not thinking around the full picture. Once we ve established that we then bring it back to the company and look at their processes and policies. Because actually they re always missing a step. We try to open their eyes.

So it is an opportunity for us on the back of the publicity that network security and hacking are getting. Everyone knows cybercrime is the future. What we re saying is: We give you the 360 . Your network might be secure but not when you have an administrator who doesn t know how to put the settings in place or leaves an open port. You might have spent 250,000 on introducing something like Mimecast into your system. But if your users aren t doing the basics correctly, you might as well have thrown that money down the drain. We will get your users to a point where that risk and vulnerability is mitigated. IG: It s a compelling pitch. Is there anything else you want to add?

GO: We also work very closely with Russel Group universities, with eminent psychologists and linguistic experts in understanding human behaviour. So our ability to demonstrate how the human can be hacked, manipulated and exploited, as well as our own background of operational experience, comes from an academic stance as well. The Cyber Intelligence and Security Centre is exhibiting at IFSEC International between 20-22 June 2017 at London ExCeL. You can find them on stand C1810. Get your free badge now. Visit Europe s only large-scale security event in 2017 Taking place in London, 20 22 June 2017, IFSEC International gives you exclusive hands-on access to over 10,000 security solutions, live product demonstrations, and networking with over 27,000 security professionals. Covering every aspect of security, from access control and video surveillance to smart buildings, cyber, border control and so much more.

Time is running out, register now to avoid missing out

Latest Security Consultant Jobs

The role would ideally suit a Solution Architect with a particular interest in messaging, collaboration or security, looking to specialise within the data…Ensure the confidentiality and security of all firm and client documentation and information; Legal Adviser/Legal Consultant/Legal Counsel….Senior Security and Threat Intelligence Sales Consultant 26th May 2017*. Develop short, medium and long term account plans with focus on Security technologies… Your role will see you implementing and maintaining ISO27001 as well as being responsible for delivering information security, data protection and business… Our Management Consultants aren t constrained by narrow role descriptions. One day you might be working in the private sector to help clients improve their… Our Management Consultants aren t constrained by narrow role descriptions.

Experience of developing new business opportunities in the Defence and Security Knowledge of security techniques. Ad-hoc support for our security operations. As a Security Officer you could be responsible for:…. Cloud security, e.g. tokenisation. You will provide a thought leading Security consulting capability to our customers as a security authority, involving… Wir suchen Berater und Software Ingenieure, die frische Ideen mitbringen und sich in ihren Teams mit Data Insight, Distributed Computing, Enterprise… You can expect to join a team of top-flight Security Consultants, Senior Security Consultants and Managing Security Consultants who think like an attacker and… We specialise in individual and organisational competence and behaviours, security and safety risk management, vehicle driving and automation, training design… Thorough knowledge of security tools including:. Maintain and regularly share a register of activities in response to security alerts identifying levels of… Security Analytics. Security Testing (Functional testing). We are looking for Cyber Analysts/Consultants to join our Cyber Security Advanced Threat (ATI)…Analyst and Consultant.

SAP Consultant Integration & Architecture.

40,000 – 65,000 + Benefits (Based on experience and level)….Insurance, reinsurance, financial, corporate, and government clients rely on AIR s advanced science, software, and consulting services for catastrophe risk…

Jailbreaking tractors and what it tells us about ineffective security.

No, really

Back in April 2015, WIRED.com ran a story on agricultural equipment giant, John Deere. It concerned ownership of its equipment by farmers and the fact that they don t. Yes, that s right, the farmers don t own it, they pay for it as an implied licence, at least that is what John Deere say and the company is enforcing this status by using copyright law, based upon the computer coding that is used in its vehicles.

It appears one of their fears is that users may use their equipment to pirate music on their tractors. Stay with me. Apparently, this is a big concern for them. While it is very noble of John Deere to protect the world from those heinous music-pirating farmers, they have inadvertently created another problem: the proliferation of rogue Ukrainian jailbreak software among those farmers. Not to download Katy Perry track or the latest Hollywood blockbuster. No, this software is to jailbreak management systems that have been allegedly locked down by John Deere, so farmers cannot access parts of those systems in order to carry out repairs. If you are still reading, you will no doubt be wondering where on earth we are going with this. Well, we are going down the cyber security path, of course. Ukrainian jailbreak software Because the issues raised by these events got us thinking.

Agricultural equipment is pretty robust, physical stuff, required to carry out robust and physical work. If this equipment malfunctions, the user (obviously, given the above we can t say owner, as that is apparently, John Deere) may be a long way from safety, never mind repair. Locking down areas of repair that then require the users to return the equipment to a registered dealer or repair source is a lot more serious in a tractor than it is in an iPod or a broken phone. The concept of denying access to a device or service might be familiar if you have experienced or read about ransomware, which does something similar but without the protection of copyright law. When you start arbitrarily blocking access to areas, networks and applications or tools that users genuinely need, they ll find a way around and it themselves and you probably won t like the fix they find (There is a distinction in the UK with car ownership, in that cars have a registered keeper rather than an owner. This, however makes it simpler given the increasing number of cars that are leased and not bought.) So, farmers with clear frustration have turned to the cyber world for a solution and this murky world has responded. If US farmers are now using Ukrainian software to jailbreak their own tractors and equipment in order to expedite the repairs, they are taking a risk. Business ethics aside, surely it is poor practice if it means your users go to such lengths not to mention risk, in order to carry out repairs? Using unknown software is always a risk, but it happens.

This however, is an unusual situation. Agility Stepping away from US tractors for a moment, poor security looks and feels a lot like this; security says no , so users find ways around the policy, software or process to do the job or task they need to do. They may be looking to increase agility or build in greater efficiency. Good security should enhance agility and efficiency not hinder it. In fact, it should enable greater agility by being proportionate and well planned, meaning that legitimate users are able to access what they need, when they need it, and know it is secure, accurate and complete. When you start arbitrarily blocking access to areas, networks and applications or tools that users genuinely need, they will find a way around the problem themselves, and the chances are, you will not like the fix they find. Like the tractor users breaking into their own tractors, they make take risks or compromise security to get the result they need. It s the one-size-fits-all approach that leads to security saying no . Being thoughtful and proportionate in how access is decided and permitted will lead to much better results and reduce the likelihood of users taking risks Understanding risk, risk appetite and tolerance and how to assess risk is vital in business and when it comes to security, it can mean the difference between well informed and enabling security that comes as a cultural fingerprint and the risk-averse, fear-led security says no approach that causes situations such as we have described above.

Of course, it is completely understandable how businesses find themselves with this kind of negative culture. There is a lot of threat out there and any businessperson who has read a cyber security research paper in the last seven years will tell you the biggest threat comes from within; the insider threat. This is completely true but at the same time, business moves just as quickly as threat and needs to stay on top of any agile systems and practices that enable its users to perform at their best. When you understand the need for access to these risky platforms, apps or data, then you are at the start of finding ways for legitimate users to exploit them, as they should in order to be effective. One size fits all It s the one-size-fits-all approach that leads to security saying no . Being thoughtful and proportionate in how access is decided and permitted will lead to much better results and reduce the likelihood of users taking risks to achieve the results they need. This of course does not apply to non-legitimate users of certain services. Making policy clear enough for everyone to understand what is expected of them and enforcing that policy after you have thoroughly educated it through, will help. While it is true some people will always try to break the rules, at least having worked out who should not be blocked from a service or data and who should be blocked and will abide by this policy, reduces the number of people you need to be concerned about and so your resources will be better spent identifying and rectifying those situations.

Back to the tractors and the risk. There is a lot to be said for using only authorised software from dealers. We are all connected now. If it s web-enabled then it s hackable and we don t have to look very far to see what happens when malware is let loose in both the cyber and the physical world. Malware was showcased at a recent convention which was specifically designed to attack physical systems and we have seen several vehicles hacked to great effect and with great press coverage over the last couple of years. The trouble with living in an interconnected age, is that when you take a cyber risk, you are taking it for more than just yourself; you are taking it for whoever you are connected to as well. So when applying security principles such as blocking or disabling platforms, data or services, we need to be certain we have done this from a solid understanding of the genuine risk. Only through doing this will we start to mitigate the risk from the accidental insider threat. Ellie Hurst is confirmed as a speaker on cybersecurity at IFSEC International, Europe s largest annual security trade show, which takes place between 20-22 June 2017 at London ExCeL.

Get your free badge now. Ensure a solid security strategy at Borders & Infrastructure Expo Join other high-end security professionals at the launch of Borders & Infrastructure Expo, in conjunction with Europe s most renowned security event, IFSEC International, addressing your critical needs for large-scale security projects. By attending, you ll access leading security providers showcasing the latest advancements in both physical and cyber solutions.

Click here to register your place now to join us at London Excel on 20 22 June 2017.

Applying deep learning to cyber security: Q&A with Deep Instinct CEO Guy Caspi

Applying Deep Learning To Cyber Security: Q&A With Deep Instinct CEO Guy Caspi

Deep Instinct is the first company to apply deep learning to cyber security. Guy Caspi, the Israel-founded company s CEO, spoke to SecuritySolutionsWatch.com about the complexities of deep learning and how Deep Instinct spotted a gap in the ballooning market for combating cyber security threats. This interview was originally published on SecuritySolutionsWatch.com.

SecuritySolutionsWatch.com: Before discussing today s cyber security threat environment and Deep Instinct solutions in greater detail, please tell us about your background and company history? Guy Caspi: I ve utilised my advanced degrees in Mathematics, Machine Learning and Business to apply mathematics and machine learning in a technology elite unit of the Israel Defense Forces (IDF), as well as in financial institutions and intelligence organizations around the world. Over the past two decades, I ve led some of the largest government cyber and big data projects in Israel and other countries. Founded in 2014, and out of stealth mode since November 2015, Deep Instinct is the first company to apply deep learning to cyber security. With offices in Tel Aviv, Israel and in North America, we now have 65 employees. Our company has a winning combination of people who have the academic knowledge and credentials, paired with unique experiences in cyber security gained through years in the intelligence and elite units that focused on cyber- attacks. We adopt the mindset of hackers in order to be prepared for all vulnerabilities. In addition, Deep Instinct s dedicated deep learning research group is headed by one of the leading researchers in the field of computational intelligence. Moreover, the company has a highly-experienced management team that leverages its cyber security and academic backgrounds to carry out a successful product that offers an effective solution to address a critical need in the industry.

SecuritySolutionsWatch.com: Your site claims that Deep Instinct is The first company to apply deep learning to cyber security . Please give us an overview of how Deep Instinct works. GC: Deep Instinct s core technology is deep learning, which is an advanced branch of artificial intelligence (AI). Deep learning is inspired by the brain s ability to learn: once a brain learns to identify an object, its identification becomes second nature. Similarly, as Deep Instinct s artificial brain learns to detect any type of cyber threat, its prediction capabilities become instinctive. Deep learning has exhibited groundbreaking results when applied to computer vision, speech, and text understanding and we are the first company to apply it to the cyber security domain. In cyber security, there a big need for solutions that can protect against brand new (zero-day) threats in real-time a critical issue that causes great vulnerabilities to almost every business. Deep learning is complex and its application has a very high barrier entry because the neural networks are comprised of tens of hundreds of layers and the mathematics required to create such layers is extremely difficult. Even once this hurdle is passed, the implementation of running massive data sets using GPUs (Graphic User Interface) is not an easy feat.

Moreover, creating a deep learning-based technology that can run as an on-device client requires great expertise that raises the bar even higher. The few companies that have demonstrated these capabilities have mostly been acquired by giants, such as Google, Facebook and Salesforce. Furthermore, Deep Instinct does not use open source deep learning libraries but instead, has created its own. SecuritySolutionsWatch.com: What are the major benefits with respect to detection, prevention, accuracy, ease of deployment and other features. Guy Caspi: Deep Instinct offers a unique solution of prevention, which includes blocking malware before it is activated and can cause harm. Many new solutions on the market can only offer detection and prevention once the business has been infected, but we can detect and prevent before any damage occurs. By way of analogy, if a business were a person and the malicious attack were poison, other cyber security vendors need the person to first touch the poisonous object to then they can act and prevent the poison from spreading throughout the body. From Deep Instinct s perspective, we can tell the person not to touch the poisonous object in the first place because we immediately identified it as harmful. Moreover, Deep Instinct focuses on unknown threats and APT (Advanced Persistent Threat) attacks whether they are in a file-less manner or already existing in the system.

Instead of waiting for the next unexpected attack, the next unknown attack is identified and blocked in real-time before any harm can occur. The ability to offer immediate prevention extends beyond a network or Internet connection by covering the device even when it is not connected to them. Furthermore, our detection rates are substantially higher that existing solutions on the market. This unprecedented accuracy in predicting unknown cyber threats is enabled by the application of proprietary deep learning algorithms. Deep learning s capabilities of identifying malware from any data source results in comprehensive protection on any device, platform, and operating system, filling in gaps by providing complete solutions. Finally, deployment is fast and seamless and the solution s operations do not affect the user experience. Click here to read the full interview on SecuritySolutionsWatch.com Download: The Video Surveillance Report 2016 This exclusive report covers the security needs of surveillance systems as shaped by the physical environment including: What do security professionals think about plug-and-play systems Challenges like low-light conditions or large spaces and the threats posed in various sectors Which cutting-edge features such as mobile access, PTZ smart controls or 4K resolution are most important to security professionals What are the most important factors driving upgrades and would end users consider an upgrade to HD analogue Download the full report here.

Security Consultant Jobs, Careers & Recruitment

Security Consultant Position Description CGI is growing its Cyber Security practice and as us as a Security Architect, Cyber Consultant or Security Consultant, to bring innovative us as a Security Architect, Cyber Consultant or Security Consultant, to bring innovative us as a Security Architect, Cyber Consultant or Security Consultant, to bring innovative

IT Security Consultants job with Pontoon

IT Security Consultants Job With Pontoon

IT Security Consultants – All levels Location: London, Reading, Leatherhead and more Salary: Competitive + Benefits

Due to phenomenal 111% revenue growth in the past 12months our client are looking to recruit a number of Security Consultants to join the highly-reputed Cyber Security practice of a global IT consulting business. My client is delivering some of the largest and most complex programmes in the UK and continental Europe, strengthening core security capabilities in professional services, secure solutions and operational security. I am recruiting for IT Security Consultants at all levels to join the Cyber Security team understanding how business security risk and technical security risk is assessed and managed, including security policy and process development. Experience & Qualifications Essential Experience: * Individuals should have worked on significant security projects for public sector organisations, financial services companies or Utilities.
* Candidates will have a thorough understanding of how business security risk and technical security risk is assessed and managed, including security policy and process development.
* Experience of secure design and operation of business systems is highly desirable. Desirable Experience: * Regulatory compliance (financial, personal data, sector specific)
* Identity management at a business level including:
* End to End User provisioning
* Role Based Access Control
* Single sign on capability
* Multi-factor authentication
* PKI, Token, Claims based and Federation
* Remote access
* On-line channel security
* Customer/citizen registration
* Infrastructure build and operation at network, operating system or application level
* Security operations centres and Advanced Threat Analysis
* Technology supporting fraud detection and data protection.
* Security products deployment and operation including:
* IDAM
* SIEM
* IDS/IPS
* DLP Note: all candidates must either hold SC or minimum be eligible to undergo clearances, and be reasonably open to a sensible amount of travel.

Great career prospects.

Please get in touch for further details.