Tips for testing an IT security expert's worth in the UK

Written by  Apr 11, 2020

There is no shortage of people presenting themselves as security experts. Some of them truly are; the others may or may not be. Here are some tips to help you delve deeper.

"Let the buyer beware" is an axiom that nearly all of us are familiar with. Most of us know the phrase in the context of retail purchases. We were taught, or have learned over time, to never take sellers at their word. We must always perform the appropriate research before making a purchase.

In recent years, security has become a hot field. And sadly, where there is budget and focus, there are also frauds and deceivers. There is no shortage of people presenting themselves as security experts. Some of them truly are. The rest of them, however, are keen to take advantage of security professionals who haven't yet learned to filter the real security experts from the fakes.

To help organisations avoid spending time, money, and resources on so-called security experts, I offer 10 ways to spot one:

  • Big words: We all like to sound educated and well-read. There is rarely a point in obfuscating our speech with large, overly complex words that make it harder for others to follow what we're saying. But that is exactly what security fraudsters are after. Most of us are afraid of looking stupid, particularly around our peers. If we don't understand something, we may hesitate to ask for clarification. Frauds prey on this and purposely use large words to appear knowledgeable and to confuse us. A general rule of thumb is: If you think you're hearing a large number of complex words in a row, and that, when assembled together, they have no meaning, you're probably right. You're likely listening to someone actively looking to deceive you.

  • Nothing in writing: Honest, hard-working security professionals have no problem emailing or otherwise putting agreements into writing. It's very common for a meeting to result in a follow-on email with minutes and action items. Security frauds can't risk having anything in writing because they can't actually deliver on their promises. If you find that someone repeatedly speaks or makes promises but never puts them in writing, it's a red flag.

  • No actions: Most of us attend meetings now and again, but we likely spend most of our workdays doing our jobs. If you are working with someone who can never seem to get anything done or perform any tangible action, you might have a fraud on your hands.

  • Numerous lectures: If your job keeps you busy, you're like most security professionals I know. While we all need to take time to step back and see the bigger picture, we also need to balance that with meeting our deadlines and obligations. If you come across someone who always seems to be lecturing others on what they should be doing, how what they're doing is wrong, and/or how things would work in an ideal world, beware.

  • Big plans: Many security organisations have a vision. In addition to that, many members of the security team likely have quarterly, annual, and/or multiyear goals and priorities that they're working toward. It's good to dream, but if all you hear from a certain person are grand plans that are not grounded in reality or connected to the current work environment, they may be a fraud.

  • Excessive name dropping: Many of us in security are fairly well connected. Over the years, we've worked with people, networked at conferences, and made a name for ourselves. But real professionals let their work speak for them, not the names of others in the field that they know. Someone who can't seem to describe the work they've done but is quite adept at name dropping is unlikely to actually know most of the people whose names they're dropping!

  • Overly verbose LinkedIn profile or resume: A LinkedIn profile or resume is a great place to showcase your work experiences and your professional skill set. That being said, if someone's profile or resume reads like a short story or novel, it's time to move on.

  • Amazing coincidences: There are coincidences in life and some of us have had the good fortune to be in the right place at the right time or the bad fortune to be in the wrong place at the wrong time. That being said, the number of times that most of us are involved in a historically notable event is fairly small. If you've come across someone who claims to have been involved in numerous notable events over time, they may be fibbing. Watch out.

  • Too many stories: We've all met people who seem to have a story or anecdote for every topic of conversation. Some of these people, it seems, spend their days collecting stories and anecdotes, rather than working and building their skills and experience. These types of people aren't who you need for your security team.

  • Loose lips: There is one particular Taoist quote that aptly describes the security profession: "Those who know do not speak. Those who speak do not know." If someone goes on and on about events that should be kept close, they're either a huge security risk or they weren't really there. Neither is good for the security organisation. Keep clear.

