Information Risk Management Blog

Expert Tips for Managing a Cybersecurity Consulting Engagement

Written by Adil Mirza | Nov 19, 2019

The world today is witnessing widespread cyberattacks, and the impact seems to be increasing with no intention of subsiding. Moreover, companies and governments also voice their concern about the lack of experienced professionals to manage cybercrime and its fallouts. Cybersecurity has become a serious global concern with adversaries ranging from small-time hackers, rogue nations to organized cybercrime syndicates. Hackers have access and expertise in cutting edge technologies and operate with clinical precision to achieve their targeted goals. The rapid evolution of such sophisticated threats has also made the job of a cybersecurity consultant more demanding while testing their expertise and capacities. Security consultants must make continued efforts to be ahead of cybercriminals else there is a risk of falling behind their tactics.

 

I think it is time to introduce myself! I am Adil Mirza (Practice Head – IAM) (MEA) for Aujas Cybersecurity. I am a cybersecurity consultant, advisor, and mentor. I have been working in the cybersecurity domain for more than a decade and have gained a wide range of experience in devising information security strategy, developing IAM programs, access governance mechanisms, and designing compliance and regulatory policies.

 

Let me give you some tips in executing a successful cybersecurity consulting engagement.

  • The consultant must think and act as an attacker and defender while dealing with the client’s network and security environments.
  • A consultant’s role is independent with little or no supervision and calls for the right amount of leadership skills.
  • Effective communication is the key to manage stakeholders from CXO to the grassroots level.
  • Consultants need to have robust analytical skills and must update themselves on trending technologies and best practices.

Here is a real-time example of how I implemented these tips in successfully executing a cybersecurity assignment.

Earlier this year, I spearheaded the design and implementation of an IAM solution for a large government client in Saudi Arabia. The requirement was to provide almost one million users secure and seamless access to government e-services. The deployment included consolidation of e-services to users helping the client achieve the goal of a secure digital transformation.  


Client business need

  • Meet the Kingdom’s goal of digital transformation and unification of services to government employees, citizens, and expatriates.
  • Secure access to digital services and meet regulatory compliance.
  • Mitigate access risk across internal and cloud-based applications.
  • Setup federation with national user repository to facilitate business with partners and providing access to almost 1 million users.
  • Integration with national identity repository for fetching record while registering the users in unified repository.
  • Provide seamless user experience by transforming e-services to the latest technologies with dynamic data synchronization between different platforms.
  • Implement a reliable solution to prevent the sharing of passwords.
  • Provide the extensible capability for rapidly integrating apps for SSO.
  • Establish access governance practices.

To ensure the seamless execution of the project, we had multiple interactions with various stakeholders from security and non-security business functions. We then analyzed and understood their problem statements, designed, developed, and implemented an effective, sustainable solution as per the agreed scope of work and won the much-needed customer confidence.

 

Solutioning approach

  • Developed functionality specifications based on client requirements.
  • Evaluated technology fitment and deployed the solution.
  • Performed migration of users to a unified identity repository and enhanced access capabilities using leading access management solution.
  • Establish an identity provider to allow federation with national identity repository.
  • Enable rapid integration of single sign-on for e-services.
  • Fast track single sign-on for mobile & web-based application and e-services.

Cybersecurity consultants are a different breed. The way they work, their mindset, and attitude must function from a different plane of thought, and they should develop the knack of splitting a business environment, find out how it works and identify its security challenges and weaknesses. They should be critical thinkers who enjoy probing and solving complex problems. Security consultants should also have a vision of what they should achieve and the actionable steps they should adopt to accomplish their goals.

 

Nurturing consulting talent at Aujas

At Aujas, we nurture security consultants to develop their leadership qualities and technical abilities by providing them with opportunities to work with some of the best brands from across the globe. With offices in Jersey City, Dallas, Cupertino, Ottawa, Riyadh, Sharjah, UAE, Mumbai, Bangalore, and Gurgaon, our consultants get to work with complex and challenging security consulting assignments.

 

Interested in working with Aujas? We would be glad to have you with us. Do check our career openings page and apply. We are sure you would love working with us.