ITx 2018 Conference Programme

Jump to: Wednesday 11th | Thursday 12th | Friday 13th

Using a mobile device?
Visit programme on mobile site

The ITx 2018 Programme may change without notice


Where are the Cybersecurity Skills?

Wednesday 12:20pm - 12:50pm, ITP Conference (Room 1 (Designertech))

Many organisations fail to deliver a comprehensive cybersecurity capability owing to skills gaps. In this session, you’ll explore how to define and assess the skills needed and manage the skills gap to build or enhance your cyber security capability.

Achieving maturity in any capability requires understanding the skills required to plan, build, operate, monitor, and manage that capability. Leveraging existing recognised frameworks such as the NIST Cyber Security Framework (CSF) can be a great help to organisations seeking to develop a such a capability.

The NIST CSF provides a high-level guidance on an implementation approach that is very well complemented by resources such as ISACA’s “Implementing the NIST Cyber Security Framework”. However one of the major challenges remains how to define and assess the skills required to deliver the capability, and how to manage the skills-gap that inevitably exists.

SFIA (the Skills Framework for the Information Age) is an industry recognised framework that describes the skills needed by staff. SFIAv6 saw significant enhancements to the framework to address new cybersecurity skills and enhance existing skill descriptions with security responsibilities and it is expected that SFIAv7 will continue to further identify and support cybersecurity skills. SFIA describe skills in a way that facilitates both evaluation of the skills needed to deliver capabilities and the assessment of individual and team capability in a coherent way.

Building on the extensive experience of using the SFIA and COBIT frameworks in organisational design, recent experience of using the NIST CSF, (and having mapped COBIT and the NIST CSF against SFIA), the session will be focused highlighting the transferable skills that can be deployed in cybersecurity and how they might be identified.


Daniel Merriott

Principal Consultant, BSMImpact

Daniel Merriott is a Principal Consultant for BSMimpact, based in Auckland.
With nearly 20 years experience in IT management and consultancy, and being certified in ITIL, COBIT, VeriSM, and SIAM, Daniel's focus is helping organisations leverage and integrate these frameworks to suit their operating needs.
He is also a Certified Management Consultant, Chartered IT Professional, a Fellow of several professional bodies, as well as Certified in Governance Enterprise IT and a Certified Information Systems Auditor. He is an Accredited SFIA Consultant and trainer and is a member of the SFIA Council.