"Summer School is Worth the Effort"
Cybersecurity specialists are not easy to find. Despite this fact, EY still managed to attract five new experts in one day. “We are putting in a lot of effort to find new people”, says Douwe Mik, associate partner cybersecurity at EY. “Our cybersecurity branch is increasing with 60 percent per year.” While recapping he concludes, that investing in the International Cyber Security Summer School (ICSSS) as a co-organiser was a good decision. The ICSSS is powered by HSD and organised with many partners.
Sixty students and gradual students acquire extensive knowledge about cyber security within a time frame of six days. They follow lectures and work on challenging tasks that are given by prominent international and national organisations. This is a short summary of how the ICSSS is framed. EY is one of the parties that helped organise the fourth edition in August 2018. The other organising parties are HSD Office, NCI Agency, Europol, Leiden University and Dutch Innovation Factory. Within the framework of ‘Access to Talent’, interested students and organisations are brought together during a knowledge-enriching teaching programme about the ins and outs of cybersecurity.
EY fills in one of those six days. There is a plenary programme with lectures in the morning, including a lecture from former prime minister Jan-Peter Balkenende, external advisor at EY. He draws the broader context of cybersecurity regarding national and international safety and security, the law and technology. Afterwards, the two groups split up. One group focusses on technology. Guided by ethical hackers, the group works on security operations, incident response and they will hack together. The other group follows a similar programme and works on risk management and security policy. Douwe Mik: “At the end of the day we brought the groups together again with the message: cybersecurity is about humans, technology and process. All three of them should not be underexposed in an organisation that wishes to be cybersecure.”
Cyber education very necessary
The investment in the fourth edition of the International Cyber Security Summer School is worth the effort: five students now work for EY. EY also employed a few alumni of previous editions. According to Mik, the ICSSS is a good example of the power of security cluster HSD and the cooperation with HSD Office.
Mik: “Working together means that you have to be active yourself as well. The quality of the output depends on your input. As an HSD partner, you cannot lean back and expect things to come to you. If you are willing to invest in the offerings of HSD, you will pick the fruits of your labour.”
With that in mind, EY is also doing its part for the Cyber Security Week and networking gatherings. But that is not the only reason. “Being EY, we share our knowledge and we offer trainings because we see the societal importance. We do this within HSD, but also at universities of applied sciences and universities. Cyber education is very necessary, because we do not see sufficient talent on the market. This should be more of a priority in the field of education.”
Human capital is an understandable priority in the fast-growing cybersecurity branch. Experts are needed in different areas, with the resilience of customers being the central thread in the whole story. “Cybersecurity has many sides, but we mainly focus on humans, technology and process.” says Mik. “You can batten down the hatches, but the human remains a crucial factor. We point out where they are vulnerable and where their network could be accessed by unwanted visitors. Where technology is concerned, we give insight in the current level of protection and where improvements could be made. It is too simple to simply state they should invest more. Most of the times, they could invest in a smarter manner, instead of just investing more.” Finally, the process side is about doing a risk analysis based on the threat landscape. To support this, governance and risk policy are done. “Everybody is a target, but the risk profile differs per organisation. By framing this, our customers will be capable of improving their cyber resilience.”
Read the article in Dutch.