I've been in IT since the early 90's as a hobby but things became more serious in 2019 when my current employer put me in charge of IT, cybersecurity and security awareness at our small company.  Been hitting the books, videos, blogs, and, more recently, an InfosecSkills subscription.  Goal is to get A+, Network+, and Security+ certified, but I always keep my options open.


    Welcome! It sounds like you work at a very small company.
    Er so you're in charge of cyber security at your firm and you have no training or qualifications in cyber security? I'm guessing this is a Mom and Pop shop?
    Yes, we are a small outfit in Kentucky.  Sorry I made it sound like I'm new to this, I am not.  I've completed a great deal of training over the past 2-3 years, not to mention my previous training and experience as a hobbyist in IT and computer programming since the 90's, and a more serious hobbyist since 2009.  Over the last 1-2 years, I have consumed my fair share of cyber security training as well, all online, primarily at Carnegie Mellon and Skillsoft.  The company is a small corporation with a board of directors, and we have about fifteen employees at two locations.  We had more employees and 3 locations at one time, but times have changed.  I decided more recently that it's past time for some certs and I am working on that as well as advancing my skillsets.
    It sounds like your biggest challenge will be to control when/where/how your critical business information is stored, transferred, processed, and accessed. Because you have so few (human) resources to manage IT and security controls, and (I assume) no programmers to develop custom business security solutions, you will need to use external security providers for most of your security monitoring/response needs. Your biggest need now is to understand how small businesses work with Managed Security Service Providers to architect and operate cybersecurity solutions and how you procure the budget to do that.
