Written by Sugiarto RM,
Co-founder Indonesian CIO Network
18 March 2021

With cyber attacks getting worse and now the infamous supply chain attacks, the world cannot be at a more dangerous point.

Each organization will need to beef up their own cybersecurity awareness program and my intent today is to write on how to go about doing this.

If we do agree that cybersecurity is now a board room topic, I prefer to use the word education than awareness, as the former covers more. Hence in my opinion I prefer to use the label Cyber Security Education Program for enterprises

Each organization has different needs, and the first step is to secure the top management or what we usually refer to as the Board level support.

Next is to drill down to a team of cross department members and define what can be achieved say over a period of two years.

Remember an organization consists of different people and the cybersecurity awareness or training modules will differ from one person to another, one level to another.

Now, my op-ed will focus on two areas; how joining a community that has a strong DNA about cybersecurity may help the more senior managers/CXO and second on some trainings and cybersecurity content providers that may help the education reach to individuals more effectively.

As the co-founder of one of the oldest and most established open networking working community for CXOs in Indonesia, ICION has helped and educated senior manager groups on cybersecurity for almost a decade. Our webinars and seminars have a wide selection of topics that are related to cybersecurity and at ICION what we tend to do is to adopt an approach that is not overly vendor-centric and also keeping our content to a simple language where all and sundry can understand and relate to what is being conveyed has been highly effective.

By simplifying our content, all levels of employees, and not just limited to higher levels can understand us at ease. Subtracting the technical elements often times takes away the complexity and fear factor for many.

I do believe that ICION over the years has been of value to helping CXOs in Indonesia to be more aware and our education has helped them in understanding what is happening out there…in terms of trends and threats and key technologies. To date in 2021, we have so far championed a lot on threat intelligence and security ratings. The two subjects within cyber security are relatively new and less understood by the masses but with our education and awareness we hope to change it.

My second part of this article will focus on bringing to fore some courses and providers that organizations can look into, in terms of educating and equipping their team with the right knowledge and tools.  

  1. CISSP Certification from isc2.org

This the gold standard for cyber security practitioners over the years. Equivalent to a Master’s degree in Cybersecurity, it’s a coveted badge for Managers with five years and above experience and for more mature cybersecurity Managers hoping to ascend to a GM and VP

  • OSCP Certification from offensive security

This a good “hacking” badge to have for engineers’ level and also Managers to ensure they understand how hackers think and hack.

Cybint is a global cyber education company that addresses the human factor of cybersecurity. We tackle the industry’s two greatest threats: workforce shortage and skills gap. We partner with organizations and higher education institutions to empower the current and future workforce. 

Look at vendors who can tailor cybersecurity content across different departments and employees so the education and awareness campaign can reach fair and wide within your organization. This just but one example, as they will open up portal access for you and provide content suitable for different parts of the organizations which includes general security awareness training for staff.

In summary course 1 and 2 are for the cybersecurity team itself while the third option is for across the organization.

I like to end with the note that cybersecurity education is an area that all companies should look at seriously and leadership should come from the Management and Board levels as nothing is more effective than for employees to witness Management and Board level members walking the talk. And as a community leader who is passionate about cybersecurity, ICION encourages and welcome smore discussions into these arenas.

The opinions expressed in our published works are those of the author(s) and do not reflect the opinions of ESPC or its Editors. Information contained in our published works have been obtained by ESPC from sources believed to be reliable. However, neither ESPC nor its authors guarantee the accuracy or completeness of any information published herein. ESPC shall not be responsible for any errors, omissions, or claims for damages, including exemplary damages, arising out of use, inability to use, or with regard to the accuracy or sufficiency of the information contained in its publications.