Skill/Knowledge Category |
Specific Skills/Knowledge |
Relevant Tool/Documentation Familiarity |
Essential 8 |
Has worked intensively on implementation and uplift of Essential 8 controls.
Has a strong working knowledge of Essential 8 controls and maturity levels.
Has been heavily involved in assessing efficacy of Essential 8 controls.
Experience working with multidisciplinary teams to ensure efficient and practical implementation of controls and roadmapping future uplift.
|
ACSC Essential 8 Maturity Level Documentation
|
NIST |
Has worked closely with NIST Framework to contribute to conceptualising overall Cyber Security Strategy.
Has been involved in round table discussions regarding planned implementation of NIST Controls.
|
NIST Documentation
|
Incident Response |
Has experience reading and interpreting alerts generated by SIEM tools.
Has experience interpreting and acting on Security Incident Tickets generated by ServiceNow.
Has experience working within and across teams to resolve Security Incidents.
Has experience in escalation of Security Incidents where required.
Crucially involved in the creation of Cyber Security Incident Response Plan.
Has experience dealing with third party Incident Response vendors.
|
ServiceNow, SIEM Tools (various)
|
Cyber Security Awareness |
Developed organisational Cyber Security Awareness Program containing:
- AI Avatar Led Videos using Synthesia.
- Written Articles.
- Relation of Cyber Security topic to recent real world event.
- Quiz.
Communicates regularly with stakeholders and users to discuss the importance of Cyber Security.
Developed Presentations to Management, Boards and various committees around state of Cyber Security.
|
Synthesia AI, Microsoft Forms, Microsoft SWAY, Microsoft Word
|
Cyber Risk Assessment |
Regularly conducts risk assessment utilizing internal frameworks to assess new technology solutions for business.
Involved in Gap Analysis for Cyber Security within the business.
Worked with third party Risk Assessment Vendors where appropriate.
Communicates with operations with respect to implementation of recommendations resulting from Cyber Security Risk Assessment.
Familiarity with Risk Register applications to log and track Risks and associated controls.
|
CAMMS Sycle
|
Identity and Access Management |
Liaises with stakeholders to determine and further develop Identity Management policy and procedures.
Strong understanding of Principle of Least Privilege.
Strong understanding of benefits of Role Based Access Control.
Involved in improvement of privileged access separation procedures.
|
Active Directory, LAPS, Group Policy
|
Vulnerability Management and Patching |
Regularly monitors vulnerability scan results and prioritizes vulnerability remediation.
Works with relevant team to promote deployment of patching for vulnerabilities in order of criticality.
Works with third party Vulnerability Management vendors where appropriate.
|
Tenable
|
Asset Management |
Involved in maintenance of Asset Register where appropriate.
Familiarity with Asset Management software as appropriate.
|
ServiceNow
|
Cyber Security Governance |
Involvement in developing various Cyber Security Related Policies.
Involved in auditing existing Cyber Security Policies and improving on them.
Communicates with HR regarding discovered breaches of Cyber Security Policy.
|
CAMMS, Internal Policy Databases
|