PA Consulting Group has enriched its risk and resilience offering by acquiring 7Safe, a leading provider of information security, computer forensics and education services. The acquisition complements PA’s well-established cyber security expertise and experience.

From world-leading energy firms to major government departments, we help organisations to improve security, reduce risk and improve resilience across their business. We offer a comprehensive, end-to-end service unmatched in the cyber security industry

The role:

• To support electronic discovery projects, forensically collect data and conduct basic forensic tasks, including data recovery
• To work with fellow consultants and management personnel, as well as with lawyers and corporate clients
• To support on-going and future electronic discovery matters including online document review and data processing
• Responsibility for the quality of client deliverables, assisting with business development, and supporting sales and marketing efforts
• To network with members of industry trade associations and other groups of interest
• To maintain and enforce the current, established processes and procedures that are appropriate to the role
• To produce forensic images of exhibits and property under investigation and to provide the correct paperwork necessary for a contemporaneous record of the investigation
• To attend client’s sites to acquire forensic images of electronic data
• To manage and support projects throughout the entire eDiscovery process as outlined in the EDRM
• To support eDiscovery clients in the Relativity and Nexidia review platforms
• To process data using the NUIX processing tool
• Maintain awareness of developments in technology, legislation and techniques
• Manage own projects and provide support for others
• Communicate the progress and any issues of all assignments
• Support the sales and marketing team’s efforts when requested, by assisting with sales calls to corporate security managers, legal teams and litigation support firms
• To deliver training in eDiscovery services

Person Specification:

• Knowledge and experience is required with the following operating systems: Windows, Macintosh, Linux or UNIX, and DOS
• An understanding of hardware and software troubleshooting
• Experience of electronic mail systems, such as Exchange, Lotus Notes and GroupWise
• Background in eDiscovery and litigation support with an awareness of products including Ringtail, Introspect, Nuix, Relativity
• Experience with eDiscovery platforms such as Nuix and Relativity is preferred although experience with other systems such as Introspect, Ringtail, Concordance, Summation, Clearwell, Attenex, CaseLogistix or similar would be beneficial
• Experience with forensics tools such as Encase, FTK and Helix
• Understanding  of and adherence to ACPO guidelines
• Ability to support multiple projects in an organised and efficient manner
• To be able to interact with other staff and clients, in person or by phone and to maintain confidentiality
• Critical thinking, problem solving and the ability to respond to demanding situations
• Support day to day aspects of client relationships
• Ability to work well under pressure while maintaining a professional image and approach with challenging clients whilst meeting their expectations

What can PA offer you?

• Original, strategic and operational consulting that makes a real business difference to high-profile clients. We never offer second-hand work or ready-made solutions
• The opportunity to work in committed teams that blend in-depth industry experience with high quality consulting expertise
• A transparent career path where your advancement is objectively measured, enabling you to achieve your full potential
• Training and development rated amongst the best in consultancy

About PA

PA Consulting Group is a leading management, IT and technology consulting firm. Independent, award winning and employee-owned, we operate globally in more than 30 countries and transform the performance of major organisations in both the private and public sectors.

From initial idea generation and strategy development through to detailed implementation, we deliver significant and tangible results to our clients through our innovative thinking and in-depth sector expertise.

We are committed to recruiting, promoting and rewarding our people solely on the basis of their ability to contribute to PA’s success, and regardless of their sex, race, disability, religion, national origin, ethnicity, sexual orientation, age or marital status.

Position Requirements:

Reporting to the 7Safe Director of Operations, the main purpose of the position is to ensure that the Education practice maximises its extensive business opportunities ensuring that courses are correctly marketed, well attended and delivered to the high standards that delegates expect.

The education practice offers a range of technical training courses covering topics such as ethical hacking, digital forensics, incident response and ISO 27001 to a wide and varied range of both public and private sector delegates including software developers, network architects, criminal investigators and security operatives. The courses are also affiliated to two University accredited MSc programs in computer forensics and attract students from around the world.

The classroom based courses are delivered and maintained by consultants within our existing security and forensics consultancy either within our custom built training centre or at customer site and may also be delivered by our expanding range of Accredited Training Partners.

You will also be responsible for managing the delivery of a number of projects that are required from time to time within the practice; currently these include the proposed relocation of our training centre (remaining within the South Cambridgeshire area), integration of our education administration tools with those of the wider PA Consulting Group and plans to develop a “mobile classroom” to take our training anywhere in the world.

You will have a wealth of resources at your disposal including internal marketing and publishing teams, an exhaustive database of blue-chip clients and a consultancy practice of industry recognised experts in the security and forensics fields. You will also have a training coordinator within your team to manage delegate bookings and ensure smooth running of the courses.

The role is based from our Melbourn (Nr Royston, Herts) office, with occasional travel to clients.

Responsibilities / Duties
• Driving sales via business development strategy and activities
• To ensure that the training courses delivered match the requirements of the market place both in terms of content and frequency.
• To ensure that training course attendance is maximised through generating sales to either individual delegates or by providing corporate wide delivery.
• To identify potential new opportunities for courses to be developed in order to expand our market reach.
• To maintain the existing relationship with UK Universities and to establish and maintain new relationships.
• To provide a means through the utilisation of PA Consulting resources and subcontractors of providing the training courses around the World, whilst confident that the standard of delivery is maintained.
• To ensure that the Education practice continues to deliver an exemplary service from initial client contact through to certification and beyond.
• Line management responsibilities for the Education practice including performance review and development plans.

Essential Skills
• An established track record in business development, client relationship management and operational delivery.
• Familiar with and comfortable talking about Information Security Issues in order to convince target clients of the need to attend the training courses.
• A proven ability to manage projects across a variety of disciplines with no direct line management authority.
• An ability to deliver classroom based training would be an advantage.
• An understanding of broader Information Security issues.
• Qualities
• Strong interpersonal and influencing skills.
• Self motivated and able to work with minimal supervision whilst maintaining team ethics.
• Exceptional communication skills at all levels of an organisation with appropriate
• technical content.
• Professional presentation and willing to promote a strong corporate ethic
• Able to maintain a number of independent work streams with fixed deadlines and varied resource requirements.

What can PA offer you?
• Original, strategic and operational consulting that makes a real business difference to high-profile clients. We never offer second-hand work or ready-made solutions
• The opportunity to work in committed teams that blend in-depth industry experience with high quality consulting expertise
• A transparent career path where your advancement is objectively measured, enabling you to achieve your full potential
• Training and development rated amongst the best in consultancy

About PA
PA Consulting Group is a leading management, IT and technology consulting firm. Independent, award winning and employee-owned, we operate globally in more than 30 countries and transform the performance of major organisations in both the private and public sectors.

From initial idea generation and strategy development through to detailed implementation, we deliver significant and tangible results to our clients through our innovative thinking and in-depth sector expertise.

We are committed to recruiting, promoting and rewarding our people solely on the basis of their ability to contribute to PA’s success, and regardless of their sex, race, disability, religion, national origin, ethnicity, sexual orientation, age or marital status.

This is a fantastic opportunity for an experienced and established professional with an excellent track record of business development and operational delivery to lead an expanding Education practice within a flourishing consultancy business.

To apply for this role, please click here

Position Requirements:
The successful candidate will work in an evolving environment providing a number of administrative functions such as maintaining client contact information, keeping project related data up to date, reviewing reports, arranging meetings, and responding to business enquiries. They will also provide holiday cover for existing Project Office functions for the Client Relationship Manager and Project Support Manager. This is a great opportunity for an enthusiastic professional to join our expanding Project Office function that provides pre- and post-sales support to a wide variety of clients requiring assistance across numerous IT Security related services.

Responsibilities / Duties
• Work with the consultancy teams and Client Relationship Manager to build Statements of Work for IT Security related projects.
• Perform quality checks on client reports and documentation.
• Maintain client and project related information on the CRM database.
• Create, schedule, track and invoice projects within our project tracking database.
• Perform credit checks on potential clients prior to engagements.
• Ad-hoc project and team administration as required.

Essential Skills
• IT Literate and familiar with MS Office and CRM applications.
• Strong English language spelling and grammar skills.
• Excellent organisational skills, meticulous and thorough in maintaining detailed information.
• Ability to understand the IT security challenges facing retailers, banks and service providers would be an advantage.
• Proven aptitude for a client services role / environment.

Qualities
Willing to adapt to a wide variety of tasks as required at various times throughout the client engagement and project process.
Meticulous and not willing to accept 2nd best.

What can PA offer you?
• Original, strategic and operational consulting that makes a real business difference to high-profile clients. We never offer second-hand work or ready-made solutions
• The opportunity to work in committed teams that blend in-depth industry experience with high quality consulting expertise
• A transparent career path where your advancement is objectively measured, enabling you to achieve your full potential
• Training and development rated amongst the best in consultancy

About PA
PA Consulting Group is a leading management, IT and technology consulting firm. Independent, award winning and employee-owned, we operate globally in more than 30 countries and transform the performance of major organisations in both the private and public sectors.

From initial idea generation and strategy development through to detailed implementation, we deliver significant and tangible results to our clients through our innovative thinking and in-depth sector expertise.

We are committed to recruiting, promoting and rewarding our people solely on the basis of their ability to contribute to PA’s success, and regardless of their sex, race, disability, religion, national origin, ethnicity, sexual orientation, age or marital status.

To apply for this role, please click here

Position Requirements:
Candidates will need to deliver external and internal infrastructure and web application penetration tests to our customers along with other forms of IT security consultancy. The ideal applicant will have some experience in commercial penetration testing. Strong general information security awareness and knowledge of operating system and applications is a prerequisite of this role; you will have some coding background and should have great expertise in at-least one of the following programming languages: C, C#, PHP, JAVA, .NET
 

The role is based from our Cambridge office, however, once an established member of the pen test team, you will spend time working on our client sites, therefore flexibility to travel is important.

RESPONSIBILITIES / DUTIES
• IT security consultancy
• Learn and share information within the team.
• Ability and will to undertake various research activities.
• Participate in all team’s everyday operations
 

ESSENTIAL SKILLS
• Good expertise in at-least one programming languages (e.g.: PHP, Java, C#, C). Prior coding experience is ideal.
• Good working knowledge of secure web development principles.
• Understanding of Operating System internals, knowledge of TCP/IP.
• An appreciation of the Information Security issues.
 

QUALITIES
• Strong interpersonal and communication skills
• Self-motivated and able to work with minimal supervision whilst maintaining team ethics
• Client oriented, able to communicate with all levels of an organisation with appropriate technical content
 
What can PA offer you?
• Original, strategic and operational consulting that makes a real business difference to high-profile clients. We never offer second-hand work or ready-made solutions
• The opportunity to work in committed teams that blend in-depth industry experience with high quality consulting expertise
• A transparent career path where your advancement is objectively measured, enabling you to achieve your full potential
• Training and development rated amongst the best in consultancy
 

About PA
PA Consulting Group is a leading management, IT and technology consulting firm. Independent, award winning and employee-owned, we operate globally in more than 30 countries and transform the performance of major organisations in both the private and public sectors.

From initial idea generation and strategy development through to detailed implementation, we deliver significant and tangible results to our clients through our innovative thinking and in-depth sector expertise.
 

We are committed to recruiting, promoting and rewarding our people solely on the basis of their ability to contribute to PA’s success, and regardless of their sex, race, disability, religion, national origin, ethnicity, sexual orientation, age or marital status.

To apply for this role, please click here
 

The role:

• To support electronic discovery projects, forensically collect data and conduct basic forensic tasks.
• To work with fellow consultants and management personnel, as well as with lawyers and corporate clients.
• Support ongoing and future electronic discovery matters including online document review and data processing. Undertaken forensic collections of data and conduct basic forensic analysis tasks including data recovery.
• You will be responsible for quality of client deliverables, assisting with business development, and supporting sales and marketing efforts. Will also network with members of local trade associations and other groups of interest.

• To maintain and enforce the current, established processes and procedures that are appropriate to the role.
• To produce forensic images of exhibits and property under investigation and to provide the correct paperwork necessary for contemporaneous record of the investigation.
• To attend client’s sites to acquire forensic images of electronic data.
• To manage projects throughout the entire eDiscovery process as outlined in the EDRM
• To support eDiscovery clients in Relativity review platform and also Nexidia
• To process data using the NUIX processing tool
• Research & renew of awareness of technology, legislation and techniques
• Manage own projects and provide support for others.
• Communicate the progress and any issues of all assignments
• Support the sales and marketing team’s efforts when requested, by assisting with sales calls to corporate security managers, lawyers, law firms, and litigation support firms.
• Network with members of local trade associations and other groups of interest.
• Research & review of awareness of technology, legislation and techniques

Person Specification:

• Knowledge and experience is required with the following operating systems: Windows, Macintosh, Linux or UNIX, and DOS.
• An understanding of hardware and software troubleshooting
• Experience of electronic mail systems, such as Exchange, Lotus Notes and GroupWise
• Background in eDiscovery and litigation support with an awareness of products including Ringtail, Introspect, Nuix, Relativity
•  Experience with eDiscovery and forensic tools such as EnCase, Nuix and Relativity.
• Understanding  of ACPO guidelines
• The ability to support multiple projects
• To be able to interact with other staff and clients, in person or by phone and to maintain confidentiality.
• Critical thinking, problem solving and the ability to respond to demanding situations.
• Support  day to day aspects of client relationships
• The ability to work extremely well under pressure while maintaining a professional image and approach with challenging clients whilst meeting their expectations.
• To deliver training in eDiscovery services

What can PA offer you?
• Original, strategic and operational consulting that makes a real business difference to high-profile clients. We never offer second-hand work or ready-made solutions
• The opportunity to work in committed teams that blend in-depth industry experience with high quality consulting expertise
• A transparent career path where your advancement is objectively measured, enabling you to achieve your full potential
• Training and development rated amongst the best in consultancy

About PA
PA Consulting Group is a leading management, IT and technology consulting firm. Independent, award winning and employee-owned, we operate globally in more than 30 countries and transform the performance of major organisations in both the private and public sectors.

From initial idea generation and strategy development through to detailed implementation, we deliver significant and tangible results to our clients through our innovative thinking and in-depth sector expertise.

We are committed to recruiting, promoting and rewarding our people solely on the basis of their ability to contribute to PA’s success, and regardless of their sex, race, disability, religion, national origin, ethnicity, sexual orientation, age or marital status.
 

To apply for this role click here

The winner of the second annual UK Cyber Security Challenge, supported by 7Safe education services, part of PA Consulting Group, has been awarded a place on 7Safe’s leading information security certification course. PA’s Alan Phillips, IT security and risk expert presented the award to Cambridge University student Jonathan Millican, who was crowned the winner having beaten thousands of talented contestants.

Additionally, several other highly popular 7Safe education prizes were awarded to finalists of the competition, who selected specialist certification courses ranging from the Certified Forensic Investigation Practitioner (CFIP) to the Certified Application Security Tester (CAST) course.

Supported by both the public and private sectors, the competition is intended to help drive the development of a larger and more dynamic cyber security workforce that is equipped with the increasingly diverse range of cyber skills required by government and businesses in order to defend UK organisations against the increasing risk of cyber attack.

Alan commented: “We are proud to continue to sponsor the challenge for the second year and to help reinforce the message that cyber threats are increasing among organisations due to a lack of skilled, trained experts working in important parts of the public and private sector. Importantly, by offering places on our specialist information security certification courses, we hope to inspire the next generation of cyber talent to protect the UK’s business assets."

On 13th March 2012, Microsoft released a security patch for the MS12-020 vulnerability relating to the remote desktop protocol (RDP). The identified vulnerability allowed attackers to execute arbitrary commands on systems running vulnerable RDP services over the network which could lead to denial of service attacks, or worse, to loss of sensitive data stored on the system. In order to protect themselves from this critical security vulnerability, organisations are advised to apply the Microsoft patch and take further steps to ensure both the immediate and longer-term security of their IT infrastructure.

To find out how to secure your IT infrastructure in relation to this critical security vulnerability, click here ]]> http://www.corporate.7safe.com/responding-to-the-ms12-020-security-vulnerability/feed 0 http://www.corporate.7safe.com/cyber-experts-share-insights-into-why-cyber-security-is-no-longer-just-a-technical-issue-2?utm_source=rss&utm_medium=rss&utm_campaign=cyber-experts-share-insights-into-why-cyber-security-is-no-longer-just-a-technical-issue-2 http://www.corporate.7safe.com/cyber-experts-share-insights-into-why-cyber-security-is-no-longer-just-a-technical-issue-2#comments Thu, 08 Mar 2012 10:57:52 +0000 safe7or http://www.corporate.7safe.com/?p=1280

Cyber business is considered a main engine for future economic growth and the opportunity to use related technologies, such as the cloud, to reduce costs is a key part of the agenda for many organisations. Yet cyber crime is also increasing as are the indications that it is still not being treated seriously or is simply regarded as a problem for the IT department to worry about.

London Stock Exchange figures indicate that nearly £125 trillion is traded electronically in London in a typical month, which makes the UK a significant target for cyber-attack. At present, this risk is not being fully managed, creating fears that the country could be being systematically pillaged in cyberspace. Yet because the hype often drowns out the facts, because there is a clear vested interest behind many of the reports on the scale of the problem and because most people think risk is primarily an IT problem, the issue is not getting the attention it deserves and not being treated as one that concerns people, reputations and brands.

Roughly 80 per cent of the value of a typical company is exposed in cyberspace.  There have been enough cases for us to know that a typical advanced attack costs the victim in excess of £100 million, with an average of 12 per cent wiped off the market cap of a company in the immediate public aftermath.

London Stock Exchange figures indicate that nearly £125 trillion is traded electronically in London in a typical month, which makes the UK a significant target for cyber-attack.At present, this risk is not being fully managed, creating fears that the country could be being systematically pillaged in cyberspace. Yet because the hype often drowns out the facts, because there is a clear vested interest behind many of the reports on the scale of the problem and because most people think risk is primarily an IT problem, the issue is not getting the attention it deserves and not being treated as one that concerns people, reputations and brands.

Roughly 80 per cent of the value of a typical company is exposed in cyberspace. There have been enough cases for us to know that a typical advanced attack costs the victim in excess of £100 million, with an average of 12 per cent wiped off the market cap of a company in the immediate public aftermath.

The scale of the risk deserves to be managed at board level within companies yet typically it isn’t – or not at least until after a major attack has been discovered, when the cost of resolving the problem becomes much greater than it would have been had adequate protection measures been in place. As with so many things, taking proactive action is a better strategy than battening down the hatches and hoping to avoid it.

To tackle the problem the UK Government is investing £650 million in a national cyber security programme. One of the top challenges will be how to persuade the private sector to do more in this area. Options being considered include regulation, tax incentives, sharing more information about ongoing attacks, new standards and accreditation schemes and mandating suppliers to raise their game. Yet there are some simple practical steps that every organisation can take to mitigate against the risk.

Enabling a targeted response. Working in the digital age has increased the exposure of a business and its assets, and in ways that are not always recognised. For example, by using an iPhone application, someone can feasibly assume remote control of certain types of car, starting and stopping the engine, applying the brakes, controlling its speed and retuning the engine. This is made possible because the alarm system for the car uses a 3G mobile phone module, which links its electronic management system to cyberspace. In a typical office, similar technology can be used to compromise a photocopier. As a result, businesses need to think very carefully about how they are vulnerable and the degree to which risks are being taken. It is worth remembering that technical security solutions in the market can generally only respond to problems that are already known about. A “zero-day attack” – which exploits IT vulnerabilities unknown to the software developer – will usually succeed. Furthermore, in cyberspace, it is possible for one person to bring a company down, and from the convenience of their sofa at home: there are enough people out there who might be tempted and the tools they need are often just a click away. Most attacks are opportunist in nature and not targeted, so simple “hygiene measures” such as keeping software patches up to date will provide good protection. However, research organisation Gartner estimates that one in 20 pieces of executable code on the typical corporate network is malware that has escaped all technical controls. Addressing the people problem. In almost every major cyber-attack, there is evidence of a perfectly good policy or security control not being followed. So cyber is not just a technology challenge: the people and cultural aspects have to be fixed too as there is little value in implementing measures that are counter to the way people behave and think. For example, randomly generated passwords may be hard to crack, but most people have to write them down to remember them, which defeats their purpose. In addition, the technical bit of an attack – breaking into a network – is usually relatively easy for a professional and can be a five-minute job. At the same time, finding and extracting something of value is more difficult and time consuming and may take up to two years of work. In these instances, insider help (whether knowing or manipulated) is often used to short-cut the process. This happens in around half of all advanced attacks. To counter this organisations need to evaluate who can be trusted most and balance controls with appropriate monitoring and after an incident track back and identify things that should have been spotted before which may help both deter and prevent such problems. Over many years, the threat has changed in terms of its prevalence and complexity, but the underlying methods are largely the same as they have always been. This is why we should come to expect an increase in custom malware attacks like Stuxnet, the worm discovered last year that targets controls of industrial facilities. Obviously greater connectivity is leading to wider opportunity, and the tools for hackers have become commoditised, making it easier for anyone to enter the market. For example, social media is making it easier for hackers to connect and orchestrate crimes together, and on a much larger scale. As a result attackers increasingly take advantage of the tendency of (especially younger) people who volunteer their every personal detail to social networks by committing large-scale fraud and identity theft. This is why social media companies will increasingly come under scrutiny as they attempt to balance making profits against the need to protect their subscriber data. The ubiquity and growing reliance on smart phones is driving a massive demand for third-party apps, many of which are functional yet highly insecure, giving rise to software that has access to people’s contacts, tracking where they are and where they go on the web. Yet as we look to the future, improved awareness is likely to reduce the number of opportunist attacks. Moves to improve international co-operation and to introduce new legislation around privacy and better online identity management will, over time, help to act as a brake. However, the capability and resources available to certain governments and to organised crime gangs suggests that targeted cyber-attacks will continue to occur, and that inevitably some will be catastrophic. Good social responsibility is already proving key for large organisations in avoiding becoming a target. The rise of intelligence-led security and better focused investment based on a risk and resilience approach is also likely to pay dividends. As is the expected consolidation of supplier markets, as many SMEs are acquired and merged into larger players, so diversifying and rounding their security offers to customers. Conclusion. The market is shifting slowly, as the limitations of technology are better understood and as more experts learn to work with the new paradigms. Suppliers are waking up to the additional value of offering safer products and services, which feature appropriate security from the outset. Customers are seeking better protection and governments are looking to make places like the UK safer place to do business. Ultimately, however, success will depend upon persuading the people in an organisation that cyber security is something that must be taken seriously. Authors: Edward Savage, cyber security expert, PA Consulting Group and Alan Phillips, cyber security expert, PA Consulting Group For more information on tackling the challenges of cyber security, visit www.paconsulting.com/cybersecurity

To schedule a meeting with Sumit during the conference, please contact us now.

Sumit is a specialist in application and database security, an industry-renowned security researcher and head of penetration testing at 7Safe, part of PA Consulting Group. He will be joined by Tom Forbes, 7safe research analyst, who has been working on the XPATH project during recent months.

Sumit  will share his insights and experience around penetration testing by demonstrating advanced exploitation techniques and the resulting threats to businesses. The talk will provide a unique opportunity for attendees to gain in-depth knowledge about security vulnerabilities in XPATH 2.0

Attackers are obtaining confidential data from organisations by exploiting XPATH injection vulnerability and Sumit and Tom will present a number of real-life examples showing how attackers can do this. To conclude, they will release an innovative open-source tool that can be used to automate the exploitation of this vulnerability, helping you to establish whether your organisation is exposed to risks posed by a xpath injection vulnerability under XPATH 2.0 .

To find out more about how PA can help your organisation use the latest penetration testing techniques to improve its security and resilience in cyber space, please contact us now.