Information Security Consultant Responsibilities and Duties.
- Review and analyze IT operations and systems, hardware configurations, physical security and operating procedures across the organization.
- Consult and comply with set controls, standards, policies and procedures while carrying out IT activities.
Cyber security consultancy services
Kantinka Consult's cyber security consultancy services are delivered by a team of experienced in-house consultants who have a deep understanding of the range of cyber risks facing organisations today, helping you implement the best possible security solutions for your budget and requirements.
Our services can be tailored for organisations of all sizes in any industry and location. Our proven online consultancy solutions deliver significant savings when compared with regular face-to-face consultancy.
ISO 27001 consultancy
ISO 27001 is the international standard that specifies the requirements for an ISMS (information security management system); its companion, ISO 27002, describes the best-practice controls an ISMS can draw on. It is globally recognised as the most comprehensive framework for achieving, and demonstrating to others, an improved cyber security posture.
We’ve helped more than 400 organisations achieve accredited certification to the Standard, and we can provide implementation support to suit every budget or timescale, wherever you are in the world. From fixed-price packages to bespoke consultancy, we can supply everything you need to implement an ISO 27001-compliant ISMS in your organisation.
Cyber Health Check
The three-phase Cyber Health Check combines on-site consultancy and audit with remote vulnerability assessments to assess your cyber risk exposure. Our four-step approach will identify your actual cyber risks, audit the effectiveness of your responses to those risks, analyse your real risk exposure and then create a prioritised action plan for managing those risks in line with your business objectives.
NCSC Certified Cyber Security Consultancy scheme
Kantinka Consult is not yet certified under the National Cyber Security Centre (NCSC)’s Certified Cyber Security Consultancy (CCSC) scheme, but hopes to be an early adopter.
There are currently four CCSC categories, and we offer consultancy services related to each:
- Cyber security audit and review
- Cyber security risk assessment
- Cyber security risk management
- Cyber security architecture
The UK government’s G-Cloud framework makes it faster and cheaper for the public sector to buy cloud services. Suppliers are approved by the Crown Commercial Service (CCS) via the G-Cloud application process, which removes the need for a full tender process for each purchase.
Kantinka Consult has been approved to provide six cyber security services via the government’s Digital Marketplace for Cloud support.
Cyber Security Audit
Receive high-level recommendations for improvements to your organisation’s cyber security posture with this consultancy service from Kantinka Consult.
It is particularly useful for organisations taking their first steps towards complying with the General Data Protection Regulation (GDPR), ISO 27001 and Cyber Essentials.
SOC audits based on ISAE 3402 and SSAE 16
A Service Organization Controls (SOC) audit is often a prerequisite for service organisations that want to partner with or provide services to tier-one organisations in the supply chain. SSAE 16 and ISAE 3402 replaced SAS 70 as the standards for assurance reporting on service organisations (in the US, SSAE 16 has itself since been superseded by SSAE 18; the SOC report types are unchanged). A SAS 70 report covered controls relevant to a customer's financial reporting, which now corresponds to a SOC 1 report. Many organisations that previously obtained a SAS 70 are now also asked by their customers for a SOC 2 Type II report, which covers controls over security, availability, processing integrity, confidentiality and privacy, and tests their operating effectiveness over a period of time rather than at a single point.
Kantinka Consult can provide assistance throughout the entire SOC preparation, remediation, testing and reporting process.
Cyber incident response management
The speed at which you identify a breach, combat the spread of malware, prevent unauthorised access to data, and remediate the threat will make a significant difference in controlling risk, costs and exposure during an incident. Effective incident response processes can reduce the risk of future incidents occurring.
With an effective incident response plan, you will be able to detect incidents at an earlier stage and develop an effective defence against the attack.
Kantinka Consult's cyber security incident response consultancy service is based on ISO 27001, ISO 27035 (the international standard for information security incident management) and best-practice frameworks developed by CREST. It can help you develop the resilience to protect against, remediate and recover from a wide range of cyber incidents.
Why use Kantinka Consult?
Kantinka Consult has a wealth of experience in the cyber security and risk management field. As part of our work with hundreds of private and public organisations in all industries, we have been carrying out detailed risk assessments for more than ten years. All our consultants are qualified, experienced practitioners.
Cybersecurity Consulting Services
The Security & Risk Consulting practice provides a broad portfolio of services to address the information security, risk and compliance needs of our clients. Our IT security consultants help clients identify vulnerabilities and assess real business risk, meet PCI, ISO 27002, GDPR, and other security compliance mandates more efficiently and effectively, devise security and governance programmes that fit a client's environment, and help them recover from and prepare for a cybersecurity breach.
Strategy, Governance, Risk and Compliance
Secureworks Strategy, Governance, Risk and Compliance portfolio is a collection of services designed to create, adapt and operationalise a security strategy that addresses your organisation's most likely threats and top risks while remaining accountable to business objectives.
Become A Security Consultant
What does a security consultant do?
A Security Consultant is the IT equivalent of Obi-Wan: advisor, guide and all-round security guru.
In your role as an expert consultant, you will design and implement the best security solutions for an organization’s needs.
Security Consultant Responsibilities
Each institution will be dealing with unique IT security threats, so your day-to-day tasks can vary greatly. You may be required to:
- Determine the most effective way to protect computers, networks, software, data and information systems against any possible attacks
- Interview staff and heads of departments to determine specific security issues
- Perform vulnerability testing, risk analyses and security assessments
- Research security standards, security systems and authentication protocols
- Prepare cost estimates and identify integration issues for IT project managers
- Plan, research and design robust security architectures for any IT project
- Test security solutions using industry standard analysis criteria
- Deliver technical reports and formal papers on test findings
- Provide technical supervision for (and guidance to) a security team
- Define, implement and maintain corporate security policies
- Respond immediately to security-related incidents and provide a thorough post-event analysis
- Update and upgrade security systems as needed
A lot of these responsibilities will depend on the terms of your consulting contract. For example, some companies may expect a consulting firm to monitor and maintain any security plan that is implemented.
In a large organization, you will typically collaborate with IT Project Managers and/or a Security Manager.
Security Consultant Career Paths
To become a Security Consultant, you should consider gaining your work experience in intermediate-level security jobs such as:
- Security Administrator
- Security Specialist
- Security Analyst
- Security Engineer
- Security Auditor
If you’re looking for a bump in pay and the chance to lead a large team, these jobs are logical next steps:
- Security Architect
- Security Manager
- IT Project Manager
The highest seniority and pay generally comes with being a:
- Security Director
The term “Security Consultant” is a fairly broad one. You may also find the job referred to as:
- Information Security Consultant
- Computer Security Consultant
- Database Security Consultant
- Network Security Consultant
As you would expect, Database Security Consultants are tasked with protecting databases; Network Security Consultants advise on network-related security issues.
Security Consultant Salaries
According to Payscale, the median salary for a Security Consultant is $80,072 (2014 figures). Overall, you can expect to take home a total pay of $46,384 – $146,663. This includes your base annual salary, bonuses, profit sharing, tips, commissions, overtime pay and other forms of cash earnings, as applicable. Higher figures do not include benefits.
Security Consultant job requirements
All Security Consultants must understand IT security from the ground up. That means organizations and consulting firms will require – at minimum – a bachelor’s degree in Computer Science, Cyber Security or a related field (e.g. Engineering).
Don’t have a technical undergraduate degree? Gauge whether gaining a master’s degree with a concentration in IT Security would help. You’ll need to add significant work experience, training and certifications to impress employers.
Security Consultants are expected to have at least 3-5 years of professional experience before companies and organizations will consider hiring them.
Since the job of a Security Consultant covers the waterfront, technical knowledge is paramount. Here are a variety of hard skills that we’ve found employers requesting:
- IDS/IPS, penetration and vulnerability testing
- Firewall and intrusion detection/prevention protocols
- Secure coding practices, ethical hacking and threat modeling
- ISO 27001/27002, ITIL and COBIT frameworks
- PCI, HIPAA, NIST, GLBA and SOX compliance assessments
- Windows, UNIX and Linux operating systems
- Performance tuning of views and indexes, SQL and PL/SQL
- Application security and encryption technologies
- C, C++, C#, Java or PHP programming languages
- Subnetting, DNS, encryption technologies and standards, VPNs, VLANs, VoIP and other networking and routing technologies
- Network and web protocols (e.g. TCP/IP, UDP, IPsec, HTTP, HTTPS and routing protocols)
- Advanced persistent threats (APTs), phishing and social engineering, network access control (NAC), gateway anti-malware and stronger (e.g. multi-factor) authentication
It goes without saying that strong leadership and negotiation skills will help in this job. Companies also look for candidates with excellent oral and written communication skills. Talking to clients and working with diverse IT teams requires patience and tact.
Like Security Architects and Security Engineers, Security Consultants are creative builders, complex problem-solvers and savvy analysts. You’ll be dealing with a huge range of variables when you design and assess security systems.
Certifications For Security Consultants
The most important acronym you need to know is IAPSC (International Association of Professional Security Consultants). Companies may require proof of IAPSC membership before hiring you.
Also check out certifications such as:
- GIAC Security Certifications
- OSCP: Offensive Security Certified Professional
- CSC: Certified Security Consultant
- CPP: Certified Protection Professional
- PSP: Physical Security Professional
- CISSP: Certified Information Systems Security Professional