Miguel Rego is a true computer security expert. In addition to his military career (he is a Lieutenant Colonel in the Army Quartermaster Corps), he has a long career in the field of cybersecurity.
He has been an executive at major brands such as Deloitte and EY, as well as working in public organisations.
Between 2013 and 2016 he held the position of Director General of INCIBE (National Institute of Cybersecurity) and, for some years now, he has been a teacher. Currently, he holds the post of IMMUNE's cybersecurity area director.
Today we are going to talk to him in depth about this field of work, which is in full expansion due to the boom in cyberattacks in our country in recent times. In 2020, Spain was the third country to suffer attacks of this type.
Spanish society should be made aware of the dangers of the net. Spain is a country in which 94% of the population uses the internet systematically and more than 30 million use social networks on a daily basis. Therefore, we are digital users and we must be aware of what measures we should incorporate in our daily lives to be protected.
A lot of effort has been made in recent years at the National Cyber Security Institute through media campaigns; but we are only at the beginning of this journey.
Big business puts a lot of effort and concern into cyber security and into how to protect itself against cyber risks.
In the case of SMEs it depends a bit: it goes by sector and maybe by size. Those that would be in a situation of micro-SMEs would be the most vulnerable. In contrast, medium-sized companies with a more technological component would be comparable to large companies.
As for citizens, they are progressively incorporating these self-protection measures.
Companies have to devote a percentage of their spending to cyber security, in relation to the investment they devote to digitisation.
There is no magic formula for how much to spend on cybersecurity in relation to IT investment; but in general terms best practice advises that between 10 and 14% of what they spend on digitisation should be spent on cyber security.
Sometimes we try to give cyber security a different focus than the other risks a company faces, but in reality it has to be treated in the same way.
What needs to be done is to normalise this situation and incorporate cyber risks as part of operational risks within the same model. Devote the same effort and budget proportional to the impact, the damage, that the materialisation of these risks may have on the company's activity.
The first thing that any company considering improving its cybersecurity level has to do - it is very obvious - is to know how it is doing. Knowing how it is from the point of view of its processes, its organisation and also its technology. You need to know what your maturity level is and where you should be, depending on your business activity.
Once that exercise is done, a series of measures have to be incorporated, ranging from developing policies and procedures, to investing in technology and, very importantly, people.
In the end, no matter how smart technology is, no matter how much we are moving towards artificial intelligence and machine learning, people are fundamental.
It is therefore necessary to equip companies with a cybersecurity department: the right talent, matching your specific needs.
Cybersecurity is a highly demanding market. Why is this a long way from maturity? Because companies continue to digitise, and not only companies: states, governments, public institutions, the personal sphere...
We are increasingly digital, and as we are increasingly digital, cyber risks are increasingly present. Therefore, the more digitisation, the more risk and the greater the need for professionals.
At the moment, we are not able to meet the current need with professionals. Therefore, if I were to go back to school, I would do the same as I have done so far: focus on the world of cybersecurity.
The great advantage that cybersecurity has is that, although we associate it with the hacker (that person with deep technical knowledge), we can say that it is multidisciplinary.
It is true that the 'cybersecurity edifice' cannot only be built with lawyers, sociologists, economists... because without the hacker piece, that edifice would fall down.
That said, the scope of cyber security is very broad. There are issues related to social engineering (how people's lack of knowledge or weaknesses can be exploited to initiate an attack), where sociologists have an important field. Regulation is also very important: lawyers on the issues of compliance have a very important role to play.
I, in the end, throughout my professional career, continue to see different profiles together with computer or telecommunication engineers. I see industrial engineers, naval engineers, civil engineers, physicists, mathematicians, sociologists, economists... it is such a complicated and extensive field that, in the end, any background from any career (even humanities) has a chance.
So when you start working in cyber security, you have 2 initial components: if you come from a very technical world, I would say the analyst career would be a very good way out; whereas, if one comes from a less technical background, the consulting career can be very interesting.
There is one fundamental thing: IMMUNE's clear orientation towards the professional outlets that IMMUNE has in its core, in the deepest part of the world. In other words, training must clearly serve to help young - and perhaps not so young - people to find a professional opportunity in the digital field and also in cybersecurity.
IMMUNE's cybersecurity proposal seeks to, in a modular way, offer different itineraries. The role of a consultant, analyst or engineer really fits very well with what both public and private organisations are asking for.