Keynotes and Speakers for ITx 2018
Principal Consultant, BSMimpact
Daniel Merriott is a Principal Consultant for BSMimpact, based in Auckland.
With nearly 20 years' experience in IT management and consultancy, and being certified in ITIL, COBIT, VeriSM, and SIAM, Daniel's focus is helping organisations leverage and integrate these frameworks to suit their operating needs.
He is also a Certified Management Consultant, a Chartered IT Professional, and a Fellow of several professional bodies, as well as being Certified in the Governance of Enterprise IT and a Certified Information Systems Auditor. He is an Accredited SFIA Consultant and trainer and is a member of the SFIA Council.
Many organisations fail to deliver a comprehensive cybersecurity capability owing to skills gaps. In this session, you’ll explore how to define and assess the skills needed and manage the skills gap to build or enhance your cyber security capability.
Achieving maturity in any capability requires understanding the skills required to plan, build, operate, monitor, and manage that capability. Leveraging existing recognised frameworks such as the NIST Cyber Security Framework (CSF) can be a great help to organisations seeking to develop such a capability.
The NIST CSF provides high-level guidance on an implementation approach that is very well complemented by resources such as ISACA’s “Implementing the NIST Cyber Security Framework”. However, one of the major challenges remains how to define and assess the skills required to deliver the capability, and how to manage the skills gap that inevitably exists.
SFIA (the Skills Framework for the Information Age) is an industry-recognised framework that describes the skills needed by staff. SFIAv6 saw significant enhancements to the framework to address new cybersecurity skills and enhance existing skill descriptions with security responsibilities, and it is expected that SFIAv7 will continue to identify and support cybersecurity skills. SFIA describes skills in a way that facilitates both evaluation of the skills needed to deliver capabilities and coherent assessment of individual and team capability.
Building on extensive experience of using the SFIA and COBIT frameworks in organisational design and recent experience of using the NIST CSF (and having mapped COBIT and the NIST CSF against SFIA), the session will focus on highlighting the transferable skills that can be deployed in cybersecurity and how they might be identified.
Daniel will use a case study showing how a client organisation approached a requirement by the parent organisation to establish a SIAM model within their IT group providing Service Integration. This will help demonstrate how SIAM, ISO20K, ITIL and SFIA can be leveraged to help an organisation understand what their needs are and what they need to do.
SFIA, the Skills Framework for the Information Age, has become the de facto industry standard for describing professional skills in the IT community.
SFIA is updated periodically to reflect changes in the IT and digital professions. This talk will introduce SFIA and cover the major changes in version 7, expected to cover topics such as agile ways of working, DevOps, big data, cybersecurity, and other areas.