News and updates - August 2024

In this newsletter:

Recent dotSec certification achievements and training news.
Read about a recent dotSec GRC project that focused on ISO/IEC 27001:2022 preparation.
Meet Gautham, Head of Governance, Risk and Compliance (GRC) at dotSec and learn more about dotSec’s GRC services.

Cyber security expertise through training

The dotSec ethos is to ‘provide a good working environment for smart people to achieve great outcomes’. dotSec provides significant opportunities and funding for ongoing staff training including study during work hours and funding full certification fees. This investment enables staff development and the delivery of cyber security expertise and services that are informed by up-to-date knowledge.

To that end, three of dotSec’s staff were awarded new certifications in June and July:

Geoff Wilson; OffSec Certified Professional (OSCP)
Prabal Sahoo (Head of Managed Services); PECB Certified ISO/IEC 27001 Lead Auditor
Joshua Allen; Splunk Enterprise Security Certified Administrator

In addition, dotSec has been doing its part to help the Cyber Security community to learn new skills. In the spirit of this year’s AusCERT conference theme ‘Pay It Forward’, dotSec gave away training prizes including:

1st Prize: an All Access Membership to TCM Security
2nd Prize: a VIP Training Pass to Hack the Box
3rd Prize: a Practitioner Certification Exam for PortSwigger

dotSec also helped out one of the CrikeyCon IX attendees by covering the cost of their OSCP exam.

dotSec has sponsored CrikeyCon IX (as a platinum sponsor for the 2nd year running) helping to support this exciting, local event that always provides a valuable forum for loads of knowledge sharing, newbie experience and friendly competition.

GRC case study

National Software Development Company: ISO/IEC 27001:2022 Certification Preparation

CLIENT:

Our client is a national software development company that undertakes software design, development, deployment, integration and maintenance projects for commercial and government customers. In these roles, our client is granted access to sensitive information and systems that were owned by our client’s customers, and those customers were keen to ensure that their information and system assets remained secure.

BUSINESS CHALLENGE:

Our client needed to become compliant with ISO/IEC 27001:2022 for two main reasons. Firstly, to meet compliance requirements that were increasingly appearing as a key requirement in new project tender documents. And secondly, to demonstrate and provide confidence to interested parties (e.g. customers, business and supply chain partners, senior management, insurers) that information assets are actively being protected.

SOLUTION:

dotSec designed and implemented a project that consisted of two phases: Firstly, a gap analysis of the company’s current state in relation to the mandatory requirements for ISO/IEC 27001:2022 certification. And secondly, following the gap analysis, preparation for ISO/IEC 27001:2022 certification.

During the project, we completed the following tasks during the course of the project:

A risk assessment in order to decide upon policies and controls.
Assistance with creation of required ISMS process, policy and procedure documentation.
Assistance with operation of the ISMS for a period of time to collect evidence that the ISMS was operating effectively and efficiently, and that the process of continual improvement had been well understood and executed.
An internal audit of the ISMS.

RESULTS:

The project was a success and our client was issued with a certificate of compliance by an independent, external auditor. Our client now has a considerable market advantage in negotiating contracts with new clients and business partners since the certification provides confidence to interested parties that our client’s information assets are being actively and effectively protected.

The dotSec GRC team works with organisations to identify and address security gaps, using compliance frameworks to ensure completeness and security maturity, and reduce overheads and risk.

Contact the dotSec GRC team to talk about the steps that can be taken to improving organisational GRC.

Meet Gautham

Head of Governance, Risk and Compliance

Gautham, Head of Governance, Risk and Compliance (GRC) at dotSec, is a PCI DSS Qualified Security Assessor (QSA), an ISO/IEC 27001:2022 Lead Implementer and an ISO/IEC 27001:2022 Lead Auditor. Gautham also holds several related cyber security certifications including CISA, CISM, CRISC and CDPSE, and a Master of Information Technology (Computer Networks and Information Security).

Gautham has extensive cyber security knowledge and works closely with our clients to deliver dotSec’s Governance, Risk and Compliance (GRC) services, including:

Security Maturity Assessment
ISO/IEC 27001:2022 Certification Preparation
PCI DSS Level 1 QSA Assistance and Assessment
Table Top Exercises
CIS Essential Controls, NIST CSF and ASD/ACSC Essential Eight

Cyber security expertise - It's a real thing!

dotSec staff are highly trained and hold a wide range of certifications and degrees, including:

ISO/IEC 27001:2022 Lead Implementer
ISO/IEC 27001: 2022 Lead Auditor
Payment Card Industries Security Standards Council (PCI SSC) Qualified Security Assessor (QSA)
Splunk Enterprise Security Administrator, Cybersecurity Defence Analyst and Enterprise Administrator
OffSec Certified Professional (OSCP)
Information Systems Audit and Control Association (ISACA) Certified Information Systems Auditor (CISA), Security Manager (CISM), Certified Risk and Information Systems Control (CRISC), and Cerified Data Privacy Solutions Engineer (CDPSE)
Various university degrees including BSc, MSc (computer science, computer networks, security, and electrical engineering), and PhD (computer science, distributed computing, mathematics and physics, and human-computer interaction)

Contact the dotSec team and find out more about how dotSec’s passion for training and skills enhancement can help you with your cyber security risk management.