January 26, 2022

Cybersecurity: training to support companies in the face of computer attacks

As businesses increasingly become the target of cyber threats, the cybersecurity industry lacks the talent to protect organizations. Analysis with Clément Michel, president of CLUSIR Normandie, account manager at YesWeHack, and alumnus and speaker within the CESI group.

To protect against threats, businesses need to be as little vulnerable as possible. © Gorodenkoff – stock.adobe.com

Computer security has become essential in companies today. While hacks were originally the work of isolated whistleblowers or groups of hackers who attacked organizations to challenge their image, the field has become more professional. One of the biggest risks for businesses is phishing. Easy for hackers to set up, this sending of fraudulent emails is a gateway for ransomware, computer viruses that encrypt data. A ransom is then demanded in exchange for a decryption key that lets the victim regain access to its information system.

Solutions to protect companies against computer attacks

To protect against these threats, organizations, regardless of their size and industry, must be as little vulnerable as possible. “A business may continue to be the target of an attack, but if its software is up to date, if its infrastructure is secure and hardened, and if it has a monitoring system in place, it will be more difficult for hackers to get through the cracks. Even if humans fall for a phishing operation, protection and defense mechanisms will take over to protect company data,” explains Clément Michel, account manager at YesWeHack, graduate of and speaker at CESI, which trains students in cybersecurity professions.

To identify their own flaws, companies need internal resources. “The problem is that we are seeing a shortage of talent in this area, at the national, European and international levels.” To cope with the lack of consultants or engineers specializing in cybersecurity, bug bounty represents an alternative to traditional approaches and tools. For example, the YesWeHack platform references more than 30,000 cybersecurity experts, selected according to their ethics, and able to identify vulnerabilities at the heart of computer systems (applications, servers, infrastructures, etc.). “They will access testing programs provided by our customers. When a vulnerability is identified, our experts receive compensation in return.”

This approach, which has existed since the 1980s, was popularized by Big Tech companies (Microsoft, Apple, etc.) with rewards ranging up to several hundred thousand dollars for spotting the most critical flaws in their systems. “Each client offers the premium they want depending on the sensitivity of the perimeter and the time spent to resolve it. In 2021, the average amount of a bonus was 450 euros.” Beyond the financial aspect, this activity allows experts to keep their knowledge up to date, which is essential in this sector.

The jobs and skills needed to work in cybersecurity

According to the 2021 survey on cybersecurity profiles published by the National Information Systems Security Agency (ANSSI), 5 profiles are among the most sought after on the market: cybersecurity engineer (30% of employment), consultant (12%), architect (10%), analyst (8%) and expert (5%).

Technical or organizational jobs

According to Clément Michel, there are two distinct types of professions in this branch:

  • Technical professions: they correspond to the functions of security engineer, analyst, designer or architect (from bac + 2 to bac + 5). Their missions consist of “set up and manage tools, as for a computer park, with the difference that these activities aim to defend the information system, to identify flaws and potential attacks. They also scan systems for vulnerabilities”.
  • Organizational jobs: they aim to manage and organize cybersecurity actions in the company, which are implemented by the technical side. These are in particular organizational consultants or auditors, whose role is to “carry out risk analyses, ensure that the structures comply with the standards vis-à-vis the regulations in force, according to their sector and their geographical area”.

If you are interested in cybersecurity, you can also become an information systems security manager (or RSSI), which is the equivalent of the cybersecurity director of information systems. “The CISO will manage the risks of the company, manage the security clauses in the contracts with the partners or the customers of the company, manage the subcontractors, until the awareness of the collaborators.”

Skills to master in cybersecurity

For technical professions in particular, it is necessary to have a good knowledge of the fundamentals of cybersecurity: from development, to be able to read ransomware, which is made up of code, to the operation of a computer network or a server. In terms of soft skills, curiosity is an essential quality, one that allows practitioners to go further in the resolution of cyberattacks. “These are fascinating jobs, which are engaging and very demanding. As the sector evolves very quickly, it is imperative to keep a constant watch to stay on the page.”

Cybersecurity resources to follow

Clément Michel recommends obtaining information from ANSSI, “the leader in cybersecurity in France”. The agency shares guides and best practices to apply for French administrations, local authorities, small and large companies, but also individuals. The cybermalveillance.gouv.fr site is also a reference, as is the CERT-FR, the government center for monitoring, alerting and responding to computer attacks, which provides information on the latest vulnerabilities identified. Cyber influencers to follow are Zataz, SAXX, BitK_, or Micode’s YouTube channel. Events not to be missed: the FIC, the Hack, the Assises de la Sécurité, as well as the European Cyber Week.

Professional training to learn cybersecurity techniques

If you want to train for a profession in the world of cybersecurity, CESI School of Engineers offers an engineering cycle specializing in computer science. Accessible from bac + 2, this 3-year course allows you to choose the cybersecurity option in the 5th year of studies. It is the training followed by Clément Michel, who particularly appreciated the pedagogy provided by the school, which emphasizes problem-based learning. “We had work sequences that led us to ask ourselves questions, to seek answers on our own. And we shared the information gathered within the group, made up of 10 to 15 students.”

An advantage of the training: the model taught is modeled on the way of working in a company. “When I left school, I was very independent when I found myself faced with security issues. Thanks to the methodology I learned at CESI, I knew how and where to look for the necessary information.” The program allows you to pass professional certifications from specialized publishers (Microsoft, Cisco, etc.). Students also have the option of doing internships or taking apprenticeship training.

It is also possible to train at CESI École Supérieure de l’Alternance, and more specifically through its IT & Digital sector, which offers a systems and networks specialty, in order to obtain the diploma of manager in infrastructure and cybersecurity of information systems (RNCP level 7 certifying title – bac + 5 equivalent).