Placement & Outsourcing

Cygnos' resource pool consists of over 100 highly qualified and experienced professionals.

Cygnos has developed a solid and proven HR process for attracting, qualifying, and maintaining the highest quality resources. Because of this proven methodology, Cygnos is able to provide clients with the most qualified resources in the industry. In addition, this methodology ensures a fast turnaround time upon a request from a customer.

Examples from our resource pool include the following 13 Resource Categories:

  1. Application Security Analyst
  2. Business Resumption Planning — Business Continuity Planning (BRP-BCP) Engineer
  3. Forensics Specialist
  4. Threat Risk Assessment Specialist
  5. Information Technology Security (ITS) Penetration Testing and Vulnerability Specialists
  6. Information Technology Security (ITS) Policy Analyst
  7. Information Technology Security (ITS) Project Manager
  8. Intrusion Detection System (IDS) Architect
  9. Physical Security Specialist
  10. PKI Specialist
  11. Security Analyst/Architect
  12. Security Product/R&D Specialist
  13. IT Security Trainers/Instructors and Course Developers

1.  Application Security Analyst

The Application Security Analyst must be able to read and understand different programming languages such as Java, C++, Visual Basic, etc. An understanding of Web servers and backend databases is also required. The Application Security Analyst is able to define coding rules that fit with Security Policies as well as include generic rules not always followed by programmers. They review existing code for vulnerabilities such as buffer overflows, trojans, general security structures and user rights at the application, database and server levels. The Analyst has the added responsibility of detailing and documenting findings in an audit so that each problem area revealed is accompanied by how it should be fixed. This includes best practices.


2.  Business Resumption Planning — Business Continuity Planning (BRP-BCP) Engineer

The BRP-BCP Engineer is capable of advising clients on planning for recovery from accidental business outages due to serious failure of mission-critical IT services. A strong understanding of BRP/BCP methodologies and testing plans is critical, as well as knowledge of technologies (backup/recovery, high availability, connectivity and line of business applications). Strong documentation skills in building test plans, procedures, and recovery documents are necessary, as well as good communication and interview skills. The planning of offsite facilities is also often included in the overall process.


3.  Forensics Specialist

The forensic specialist will assist organizations in investigating computer crime and other suspicious computer activity. Our forensic specialists are technologically competent and trained in handling computer evidence and communicating their findings in an efficient and effective manner. Forensics includes items such as:

  • The recovery of information from digital resources including RAM, hard drives, tapes;
  • Evidence handling and chain of custody procedures;
  • Investigation and analysis of system, security and application logs;
  • Interviewing personnel and reviewing organizational procedures and policies to see if all items have been adhered to;
  • Understanding of cutting edge hacker methodologies, exploits and tools;
  • Excellent writing and communication skills and the ability to present findings in a report, which may be used in a court of law.


4.  Threat Risk Assessment Specialist

A Threat Risk Assessment specialist plays an integral role in the identification of a client organization's information assets and risks that threaten those assets. This includes the identification of:

  • Assets deemed worthy of protection.
  • The sensitivity, risk and likelihood of threats.
  • The cost/impact of a potential compromise.
  • A comparative assessment: prevention costs versus the cost of recovery from an attack.

Their main objective is to determine which critical assets of an organization are most at risk, and document recommendations for safeguards that will reduce the identified risks to acceptable levels.


5.  Information Technology Security (ITS) Penetration Testing and Vulnerability Specialists

A Vulnerability Assessment Specialist identifies security weaknesses and strengths of the client's systems and networks as they appear to outsiders as well as to internal users operating within the client's security perimeter. The goal is to demonstrate the existence or absence of known vulnerabilities that could be exploited by authorized internal users or external hackers alike. This specialist must have familiarity with specialized auditing tools, be conversant with testing methodologies, and have strong documentation skills. Strong, applied technical skills and industry certifications are expected. This resource is involved in T/RAs and Audits.


6.  Information Technology Security (ITS) Policy Analyst

The Policy Analyst must have the ability to read and interpret existing policy as well as create or recommend new policy or changes to existing policy. The analyst must understand the impact of policy on both the business and technology sides of an organization. Policy can often create a domino effect where one small change can ripple and topple other existing standards. Therefore policy must be tested in some way to ensure its application works and that its potential side effects, if any, are understood and accounted for. Aspects that should be considered in Policy are Service Level Agreements (SLAs), ROI and BRP-BCP. Policy should also reflect Threat and Risk. The Policy Analyst must be conversant with Government of Canada policies and standards.


7.  Information Technology Security (ITS) Project Manager

The ITS PM needs to have a sound understanding of Security in general. They must understand the complexities of security and its effects on work performance and loads. Although a detailed knowledge of all security areas would be beneficial, the ITS PM is more of a generalist and has the ability to organize these functional areas and people into a single cohesive system. Creating workshops, attending meetings and other common PM duties are also part of the ITS PM's responsibilities. The ITS PM is responsible for managing T/RAs, Audits and large-scale secure deployments.


8.  Intrusion Detection System (IDS) Architect

An Intrusion Detection System Architect is capable of advising on and designing Intrusion Detection System capability within the framework of clients' security policies. An understanding of multiple IDS systems, their functionality and how each would fit into an organization's existing security infrastructure is always required. Both Network and Host systems are used, and therefore the significance of both, their interoperation and their operation/impact on the entire system must be understood. The number of alerts created by IDS can be huge. The ability to set baselines, filters and cross references on alerts, between systems, to reduce their number is paramount.


9.  Physical Security Specialist

Physical security reviews the premises that systems reside in: whether biometrics are required for access, whether wires in ceilings, code locks on doors, etc. are needed, and where such security hardware is placed. Redundancy in systems is also of importance, as are breakdowns of intrusion scenarios so that 'next steps' and 'preventative steps' are documented and understood.


10.  PKI Specialist

A highly detailed level of knowledge is required. The use of keys, types of keys, methodologies and configuration of systems using PKI must be understood. Software such as Entrust must be in the specialist's repertoire of tools. How it is used and how it impacts applications, mail, etc. must not only be clearly understood; the specialist must also be able to make others aware of the use of PKI, its implications and its overall administration and maintenance. Trust relationships are key to PKI, and the specialist must also be able to create matrices of requirements that can and will aid in the adoption of partners.


11.  Security Analyst/Architect

The Security Analyst/Architect is not unlike the ITS Project Manager. The difference is that the organizational ability is at a technology detail level. Knowledge of all security areas is required, coupled with the ability to map security policy requirements down to technological security solutions. An understanding of the inter-relationships between security areas is also required. The analyst/architect is like a puzzle master. They must be able to understand all facets of each security domain and piece them together so they fit seamlessly and work together as a single cohesive system. This is a key resource in delivering T/RAs and Audits.


12.  Security Product/R&D Specialist

A security product analyst performs in-depth analysis of emerging security products and protocols. The objective is to assist clients in choosing and deploying the product that is best suited to their security and is capable of integrating with it. Knowledge of testing tools and Common Criteria is beneficial.


13.  Security Trainer/Security Instructors

Security Instructors deliver a series of IT Security courses on a variety of subjects. They may also be responsible for assisting in the development, quality control and editing of course materials. Security Trainers/Security Instructors may also assist with other IT security projects outside of their training/instructing and course development duties.
