As part of Cyber Security Awareness Month, Information Security Director, James Kelsh, answered some questions about Information Security.
What got you into the Information Security sphere?
I began my career in IT support and soon realised that for a lot of companies, securing people’s data wasn’t really prioritised or even taken into consideration. I felt quite strongly that this was not only a missed opportunity, but irresponsible. So I moved into Information Security to try and help people understand the importance of data privacy.
What are your certifications?
I am a Cyber Essentials, Cyber Essentials PLUS and IASME auditor. I have an MSc in IT with Information Security. I’m CISSP, SSCP and CSTM certified and have my GDPR practitioner certification.
You’ve lead Resolution IT’s journey into Information Security. What obstacles have you faced?
There have been a lot of obstacles along the way, but the biggest one was trying to get people to understand the importance of their digital data. People are much better at being cyber smart these days, but it wasn’t always this way. There are still a lot of people and companies who tend to bury their heads in the sand or assume it doesn’t apply to them, but unfortunately that just isn’t the case. Cyber security is everyone’s business.
Why is Information Security important to you?
I think the more I’ve learned about this industry, the more passionate I’ve become about the subject. Information security really does affect all of us; financially, from a privacy perspective, safety-wise, everything.
What advice would you give to organisations looking to strengthen their Information Security?
I think the best thing to do is to start with the basics and work your way up. A good way to get your information security journey started is to get some consultancy from a security professional that can assess your organisation’s risks and identify vulnerabilities.
Taking a layered approach that includes training for staff, certifications for the organisation and security consultancy to understand your risks, as well as the basics such as strong passwords, MFA and firewalls, is the best way to ensure all your bases are covered.
It’s vital to understand that although important, simply using anti-virus and firewalls is not enough to keep your company’s data secure. Once you understand the value of your data and the associated risks that surround the loss of that data, you can protect it accordingly.
What advice would you offer to anyone looking to move into the Information Security industry?
You need to understand that it’s a constant learning process. The technology industry moves incredibly fast and the cyber threat landscape is always changing, so there’s rarely a day where you don’t learn something new. You also need to be on the ball, proactively conduct research, follow and learn from industry leaders and work hard to achieve your cyber certifications. I’d suggest starting out with a career in IT and moving towards Information Security once you understand the fundamentals of IT, then you can start working towards the CISSP certification.
Going forward, what are your aims for Resolution IT’s Information Security service in Guernsey, Jersey and beyond?
Our aim is to continue growing and expanding our services to ensure our clients are protecting their data and their clients’ data to the best of their ability. We also want to play a part in educating the community about the risks of not taking cyber security seriously and ensure all leading organisations are cyber certified to a top industry standard – Cyber Essentials, Cyber Essentials PLUS and IASME Cyber Assured.