Cyber security consultants are required to apply analytical, decision-making and communication skills to provide reliable advice to clients. Quite often they report progress and outcomes to stakeholders which include those who are able to understand technical terms, descriptions and explanations, and those who are not always able to understand these. Consultants must possess strong leadership skills, enhanced project management skills, organisation and management skills and possess the knowledge and confidence to make effective leadership interventions within a cyber security context.
The module, delivered in collaboration with one or more commercial partners, will expose participants to realistic experiences of the work that a cyber security consultant is involved with. The module will develop a thorough understanding of the cyber security consultancy lifecycle which typically involves presales, execution and closure. The module will be delivered over 5 months with a full lecture day each month followed in the late afternoon by the announcement of an industry-supplied consultancy project. Participants will work in their respective project teams to deliver the project and in so doing, will undertake tasks such as:
• Elucidating, organising and categorising client requirements.
• Undertaking role and work allocation.
• Organising and managing the scheduling of the project to ensure successful and timely delivery.
• Organising and managing finances related to the project both in terms of cost to client and internal costs.
• Undertaking and delivering the project.
• Reporting on the project at specified points.
Participants will be expected to keep a shared portfolio of work, conduct professional ‘minuted’ meetings with their teams and utilise appropriate technology (for example Microsoft Teams) to support project progress and communication. At the end of each project delivery, participant teams will be reorganised in preparation for the next project.
- Adapt and innovate to solve problems, and to manage in unpredictable situations making sound judgements in the absence of complete data.
- Demonstrate the ability to work effectively as part of a diverse group using self-direction and initiative and applying planning, organisational and budgeting skills appropriately.
- Demonstrate effective relationship skills and professionalism (including negotiation, facilitation, communication and relationship-building skills).
- Present information effectively in both oral and written format and formulate and deliver logical and precise arguments to key decision makers in an organisation.
- The role of a consultant. The strategic context setting of Cyber Security; the culture of cyber security; roles in an enterprise; human factors in cyber security; roles and responsibilities within a cyber team; security professionalism; security culture and raising cyber awareness;
- Managing consultancy projects. The consultancy life-cycle; elucidating requirements; planning, developing, controlling and delivering consultancy projects; developing consultancy proposals; consultancy tools, skills and techniques; dealing with uncertainty such as vague specifications and rapidly changing environments.
- Cyber security in an organisation. Understanding the role and function of security policy in an organisation; types of security policy; acceptable use policies; security standards (e.g. ISO/IEC 27000); the role and function of security policy; governance and compliance requirements in law
- Managing cyber security projects from a system, application and physical security viewpoint. Identity management: authentication, access control and privilege management; securing mobile devices; managing BYOD; securing applications; Email, web and database security; social networks; DRM; database security; big data security; physical and environmental controls; physical protection of IT assets.
Portfolio of consultancy reports (3,500 words, 100%)
2 weeks including 13 hours of lectures, 27 hours of tutorials