For years it has been pointed out that the cyber security sector needs far more professionals than are actually available.


In response to this need, training courses at several levels have emerged to prepare professionals for quick and targeted entry into the world of work, ready to work in cyber security. These roles have emerged in recent years and are still taking shape, following the very rapid developments of a constantly evolving sector in which new professionals are needed to manage and face the challenges that digital transformation imposes on both the public and private sectors.

In fact, the number of personnel dedicated to cyber security employed in companies is increasing, also thanks to the legislation on personal data which provides for specialized figures both internally and as external consultants. CISO and DPO are the most important managerial profiles, followed by highly specialized figures such as the Security Analyst and the Cyber Risk Manager.

Who the CISO is and what they do

The CISO, Chief Information Security Officer, is the person in charge of information security within a company or public body. It is a specialized managerial role that combines technological skills, the ability to manage operational teams and accurate knowledge of the company. Although the specific responsibilities may vary depending on the corporate structure, the CISO is generally concerned with assessing the security of the corporate network, defining policies and strategies for protection and crisis response, monitoring threats and analyzing data, and coordinating the intervention teams formed by other cyber security specialists.

The CISO is still not a very widespread role in Italy: it is present in less than half of companies, while in many its functions are merged with those of other managerial roles.

The DPO, who he is and what he does

The Data Protection Officer (DPO) is a professional role introduced with the GDPR legislation, with the task of ensuring that the rules and laws on data protection are respected. The DPO also has the task of helping to spread the culture of cyber security among employees and company collaborators, to minimize the risks deriving from the weakness of the human factor.

The DPO therefore has both consultancy duties, informing the organization about the rules relating to the processing of personal data, and control functions, verifying that what is required is actually implemented correctly. The skills the DPO must possess are therefore manifold: legal and IT, but also analytical. However, there is currently no specific certification for this profession.
Finally, it must be said that the legislation specifically provides for the cases in which the presence of the DPO is mandatory. Besides this obligation, the fact that the DPO can be an external consultant has certainly facilitated the spread of this role in companies.

The Cyber Risk Manager

The Cyber Risk Manager is the one who knows and understands the risk scenarios and threats to which the corporate IT infrastructure is subject, in order to assess the impact of a potential successful attack. It is therefore a professional who is able to handle IT risk from its assessment through to its management, with the aim of limiting the negative consequences for the company by containing the damage and facilitating the recovery of activities in the event of an outage. This is a role capable of protecting corporate assets through action that should be more preventive than reactive.

The Security Analyst

This is the professional who takes care of the corporate network, monitoring activity and checking for vulnerabilities in order to prevent or react to any threats. The Security Analyst also proposes adequate solutions to improve network security and solve any problems. It is one of the roles for which demand is expected to grow strongly in the coming years. The Security Analyst is able to detect intrusions, threats and vulnerabilities, intervening to block any critical issues and restore the optimal situation.

The Security Analyst should have very specific skills and training, which require knowledge of computing, programming and analysis.
