Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Jay Bavisi, CEO, EC Council

Jay Bavisi, CEO, EC Council

Jay Bavisi, CEO, EC Council

<p>Jay Bavisi, CEO of EC Council</p>
Jay Bavisi, CEO of EC Council

Threat management is getting increasingly harder – thanks to rising instances of insider threat, cloud misconfigurations, APTs and polymorphic malware, IT/OT convergence, and a constantly-expanding attack surface – to name a few.

Besides battling challenges cropping up from the technology or operational side of things, CISOs are faced with a massive skills shortage. According to an Economic Times article, India presently faces a 30% shortage of cybersecurity skills.

The complex threat landscape and the spotlight on high-profile data breaches have compelled CISOs to not ramp up efforts to onboard expert talent, but also pursue ways to scale up their own cybersecurity know-how.

In wake of the increasing sophistication of tactics, techniques, and procedures (TTPs), it’s imperative for CISOs and their teams to fully understand how hackers operate. This includes gaining initial access, evading detection – and subsequently, privilege escalation and lateral movement. A cybersecurity certification is therefore viewed by many in the business to be a sure bet for a career in cybersecurity.

EC Council’s Certified Ethical Hacker (C|EH) certification is considered to be the most comprehensive ethical hacking program in the industry by 88% of cybersecurity professionals.

In an interview with ETCISO, Jay Bavisi, CEO of EC Council, explains that in addition to upskilling their teams, CISOs must keep pace with the rapidly changing business and technology landscape by pursuing professional development opportunities such as obtaining relevant certifications or advanced degrees.

We also throw light on what’s new in the C|EH V12 certification and what security chiefs must know about EC-Council’s Certified CISO (C|CISO) program.

Commenting on how the C|CISO) program helps security leaders, Jitendra Tripathi, head of cybersecurity operations at Jio says in EC Council’s Hall of Fame report: “Post earning the C|CISO, I was able to improve the efficiency of (the) SOC and aligned security operations with business goals.”

Anupam Misra, director of security at PwC India, on the other hand, says that after being certified as a C|CISO, he helped the credit card department of an Indian Bank enhance their cybersecurity with multi-factor authentication and real-time access for governance.

Edited excerpts

To start with, which certifications rake in the biggest bucks in the cybersecurity space?

There are several certifications in the cybersecurity space that can lead to high-paying job opportunities. For entry-level positions, the C|CT (Certified Cybersecurity Technician) and the C|ND (Certified Network Defender) certifications are both great starting points. CND covers the basics of network security and prepares candidates for roles such as network administrator or security analyst.

To develop core competencies, the C|EH (Certified Ethical Hacker) certification is an intermediate-level certification that is highly valued by employers. It covers various areas of ethical hacking, penetration testing, and vulnerability assessment, preparing candidates for roles such as security analyst or penetration tester.

As one of EC-Council’s most sought-after certifications, the C|EH certification has enabled professionals worldwide to start their cybersecurity careers, with some achieving up to three times their previous salaries. In addition to these certifications, there are also specializations such as Cloud Security and DevSecOps that can lead to high-paying job opportunities.

For C-suite level positions, the C|CISO certification is highly sought after. It covers the skills required to lead and manage information security programs and is designed for individuals at the executive level.

Given the massive skills shortage, what are 3 things CISOs must do to: (a) Enhance their own knowledge and cybersecurity skills? and (b) Upskill their cybersecurity teams?

Embracing continuous learning, looking for hands-on experience, and building a strong network are three of the many things a CISO must professionally embrace to achieve cyber resilience and enhance knowledge and skills. The CISO requires more than just technical skills. They must also possess commercial know-how, communication skills, and the ability to collaborate. Adapting to new modes of working may be disruptive in the short term, but it is a worthwhile opportunity for CISO to become an essential business partner at the core of the organization’s value chain. The CISO can integrate with organizational transformation and continually demonstrate security as a business enabler and value-add.

EC-Council’s Certified CISO (C|CISO) program is the security executive training and certification program. It enables information security executive leadership through a program that was developed by a core group of current information security executives and the C|CISO Advisory Board. The program content was created by CISOs acting as authors, quality assurance, and trainers. This ensures the program remains relevant to aspiring security executives.

Coming to the second part of the question: To upskill their cybersecurity teams, CISOs should invest in creating customized training programs that address the specific needs and skill gaps of their team members. This includes both technical and non-technical skills, such as threat analysts, incident response teams, risk management personnel, or security compliance members.

Additionally, they should motivate their team members to acquire and maintain high-value, industry-recognized certifications, such as CEH, CND, ECSA, and CHFI. These types of certifications not only validate their skills but also boost their confidence and capabilities within the cybersecurity field.

Most importantly, CISOs should prioritize diversity and inclusion in their hiring and talent development processes. By building a diverse cybersecurity team, CISOs can enable broader perspectives and garner ideas that can help address complex cybersecurity challenges more efficiently. A more diverse team can attract a wider pool of candidates and result in a powerful pool of intellectual capabilities to think in terms of current and future threats to the organization.

From a threat research standpoint, which cybersecurity roles & skills are most in demand globally? Is it any different in India Inc.?

In threat research, various cybersecurity roles and skills are in high demand across the globe. Key roles include security analysts, penetration testers, threat intelligence analysts, incident responders, security auditors, malware analysts, and security architects. These professionals are responsible for monitoring incidents, identifying vulnerabilities, analyzing threats, handling security breaches, assessing security postures, reverse-engineering malicious software, and designing secure network infrastructures.

While the demand for each role may vary based on regional factors, industry requirements, and local regulations, the overall need for cybersecurity professionals in India remains consistent with global demand. Some of the key sectors driving this demand in India include banking, financial services, insurance (BFSI), information technology (IT), telecommunications, and government organizations.

How does the addition of Edge, Fog, grid computing, and the MITRE ATT&CK framework in the C|EH curriculum can help cybersecurity professionals tackle evolved cyber threats. Can it help them in detecting malware written in newer languages such as Rust, GoLang, Nim, etc.?

In order to strengthen cybersecurity professionals’ ability to counter advanced threats, not only have we included Edge, Fog, grid computing, and the MITRE ATT&CK framework but also the Diamond Model of Intrusion, Techniques for Establishing Persistence, Evading NAC, and Endpoint Security. This all-encompassing approach in C|EH V12 enhances the security of distributed systems and ensures data protection.

Edge and Fog computing are becoming increasingly important with the growth of IoT and distributed systems. C|EH trainees learn how to secure data in distributed systems, particularly IoT devices, and protect data in transit by understanding the principles of Edge and Fog computing. This knowledge allows them to identify vulnerabilities and implement security measures in these complex environments.Jay Bavisi, Funder, President & CEO, EC Council

In addition to Edge and Fog computing, the C|EH training also covers grid computing, which emphasizes the importance of securing systems that share computational resources. Individuals learn to monitor these systems for suspicious activity and respond effectively to incidents.

The MITRE ATT&CK framework is a valuable resource because it’s a comprehensive knowledge base of cyber adversary behavior and tactics. It helps professionals systematically identify, detect, and mitigate threats using a well-informed approach and they learn to use this comprehensive knowledge base to stay informed about the latest cyber adversary tactics and techniques, enabling them to develop effective countermeasures.

However, addressing malware in emerging languages like Rust, GoLang, and Nim demands continuous learning. Professionals must stay informed on these languages and adopt new malware detection techniques, ensuring adaptability in the rapidly evolving cybersecurity arena.

The C|EH training program equips individuals with a robust foundation in cybersecurity, enabling them to address diverse challenges in the industry. The curriculum adeptly familiarizes trainees with the essentials of newer languages as well as their potential vulnerabilities. To thrive in detecting and mitigating threats in the ever-changing cybersecurity environment, it is essential for professionals to remain up to date with the latest advancements in these languages.

Organizations are looking to adopt a more proactive stance, some are even exploring counter-offensive capabilities. What are 5 things CISOs must do to make this possible?

In this unprecedented age of disruption, CISOs can play a crucial role in helping companies transform. CISOs cannot continue with conventional reactive roles in light of the velocity and aggressive tactics that cybercriminals are using for cyberattacks.

My five takeaways for CISOs are:

  1. CISOs must take a comprehensive, data-driven, and focused approach to make effective cybersecurity a reality: The first step is to understand the risk landscape, to identify potential threats and points of vulnerability, evaluate the effectiveness of existing controls, and prioritize gaps to remediate exposure as efficiently as possible. Their organization’s safety cannot wait until it is convenient to plan and act. CISOs need visibility and decisiveness if they are to survive today’s business landscape.
  2. CISOs must develop a comprehensive incident response plan that is documented and practiced across the business. The plans must be highly visible and practiced, enabling rapid and precise implementation should an attack occur. In order to succeed, the plans must clearly define the roles and responsibilities across the zone of impact.
  3. To take a proactive cybersecurity approach, CISOs must balance investment in the right technologies, tools, and people. By balancing program spend in a risk-based approach, security organizations can improve their ability to detect, respond to, and mitigate cyber threats proactively. CISOs must also keep up with the evolving threat landscape by constantly analyzing new attack vectors and methods used by cybercriminals.
  4. The human factor cannot be understated as a critical function of security. CISOs must train and educate that first line of defense – employees – on cybersecurity best practices, including the latest threats and attack methods. By establishing policies and procedures for incident reporting and encouraging a culture of open communication and transparency, CISOs can empower employees to be active members of the organization’s cybersecurity team, protecting the environment and their fellow workers.
  5. To address these challenges, CISOs must collaborate with other cybersecurity leaders, government agencies, and security vendors globally to share threat intelligence, best practices, and resources. For example, the Cybersecurity and Infrastructure Security Agency (CISA) in the United States provides guidance and resources to help organizations improve their cybersecurity posture. By sharing threat information, CISOs can give to the cybersecurity community while staying informed about emerging threats to their organization’s cybersecurity posture.

CISOs must embrace a problem-solving mindset and connect to the cyber community. This allows for enabled business growth and innovation while effectively managing risk. The success of business in today’s digital world depends on the ability of CISOs to evolve and become integral in protecting and enabling the organization.

What options can aspiring cybersecurity professionals explore if their organizations do not have a learning & development program that can fund certification courses?

While not having access to a learning and development program that can fund certification courses can be challenging, there are alternative options that aspiring cybersecurity professionals can explore.

There are various cybersecurity scholarships and grants available to support individuals interested in pursuing a career in this field. In March, EC-Council announced a $3.5 million CCT scholarship to spark new cybersecurity careers globally and until now we have received registrations from more than 10,000 participants across the globe.

Also, many platforms such as CodeRed offer subscription-based online cybersecurity courses which are available at low cost. These courses can help build a strong foundation in cybersecurity concepts and techniques.

Additionally, cybersecurity professionals can explore a few more options:

  • Individuals can also explore open-source learning platforms where they can find repositories of cybersecurity projects, tools, and resources to learn from and contribute to. Subscribe to podcasts and webinars to stay updated on the latest trends and learn from experts. They can explore academic resources like research papers, theses, and dissertations on cybersecurity topics to deepen their understanding of the field as well as engage in cybersecurity forums and join online communities to learn from and interact with other cybersecurity enthusiasts and professionals.
  • They can participate in ‘Catch the Flag’ (CTF) competitions, which are cybersecurity events where participants solve challenges to test and improve their skills. Further, they can seek out volunteer opportunities or internships in cybersecurity-related projects or organizations, which can provide hands-on experience and enhance their skills.
  • Some organizations offer free or low-cost access to cyber ranges, which are virtual environments for practicing and improving cybersecurity skills. We have our purpose-built cyber range platform called CyberQ for hands-on real-world cybersecurity performance-based learning.

Leveraging these options allows aspiring cybersecurity professionals to gain valuable knowledge and skills, even without organizational support.

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

 

 

 

 

 

 

 

 

 

 

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket