Cynam

Categories
News Uncategorized

Sopra Steria announced as CyNam Silver Sponsor 2021/22

Sopra Steria and CyNam announce a new strategic partnership for 2021/22

Sustainability is at the heart of everything Sopra Steria and CyNam value and do, with both organisations committed to values-driven business practices and making positive impact on the economy, society and the environment.

Sopra Steria’s support will help to further CyNam’s cyber skills and growth objectives, both funding a new role to invest in Gloucestershire’s skills development and providing a platform to promote the value of apprenticeship programmes to its cyber community.

As well as supporting CyNam’s mission to nurture local talent, Sopra Steria will play a central role in CyNam’s landmark October event, hold its own roundtable session for the community and jointly produce thought leadership content to benefit the cyber technology ecosystem in Gloucestershire and beyond.

Sue-Ellen Wright, Managing Director of Sopra Steria’s Aerospace, Defence and Security business, commented: “CyNam’s promotion of home-grown cyber talent is a really important endeavour that we wholeheartedly champion at Sopra Steria through our UK talent programmes. We look forward to supporting CyNam’s mission, which ultimately serves to benefit our communities and protect our national interest.”

Madeline Howard, Chair and Director of CyNam, commented: “We’re absolutely delighted Sopra Steria are continuing to support CyNam. They have been an excellent partner for the last few years in supporting our strategic initiatives and have enabled us to do some great work for our community. We’re excited to be continuing our journey together and are looking forward to seeing what we can achieve.”


A day in the life of…… A CGI Escape Room Gamesmaster!

Written by Katie Roden

People are excellent at talking. We talk about all sorts of things all the time. When it comes to important decisions, we spend hours deliberating and working out pros and cons. Communication is vital, but we run out of time to take action if we spend too long talking. This is often the case for topics of the utmost importance. As an industry, we frequently discuss education and how we are inducting the next generation of potential candidates into STEM and Cyber. We all know there is a delta between the number of candidates available and the sheer volume of roles our industry advertises. So, naturally, we talk about it. It’s an important topic, so why wouldn’t we? But what are we doing to tackle this challenge?

CGI created Cyber Escape to help employees, schools, clients and anyone else who wanted to give it a try understand potential cyber security risks. The aim was to create a fun and engaging way of learning.

There were four key focus areas for the escape room:

• Phishing

• Physical Security

• Social Media

• Attack Mitigation

Just as the Cheltenham Science Festival was in full swing, the CGI Escape Room landed at All Saints Academy. This was the inaugural excursion from its home of Chippenham. We were excited to get groups through it to put it to the test and see the value it could offer. Don’t worry, I’m not going to detail the challenges and what tasks are in the escape room. That would spoil the fun! But the aim is to escape within 60 minutes.

As one of the games masters (GMs) facilitating, I was there multiple times a week throughout its visit. The role of the GM was to introduce the groups to the challenge, set the scene, watch the groups and offer support if they hit major blockers, and debrief the group at the end of the session. After each run was complete, GMs had to reset everything and, because of the joy that is COVID-19, clean EVERYTHING. All so this could be repeated for the next group.

The first week was an unprecedented heatwave in the UK, and with the escape room being in a metal shipping container, this led to some unforeseen challenges that added to the GM role. We needed to ensure that the escape room didn’t get too hot (strategic fans everywhere). We set up a shaded area for the introduction and debrief to allow groups to get some respite from the sun, and we learned that locks and keys could sometimes get a lot harder to turn when the metal in the mechanism has slightly expanded due to the heat. But what is a live performance without a few teething problems? Luckily, Great British Summertime being what it is, we soon returned to the cooler, rainier climate that we’re all used to, and all those problems went away.

I have to say that it was hard not to get caught up in the game aspect. It was an incredibly enjoyable experience, and I found it great to see how the different groups adapted to the different learning environments. For example, it seemed that student groups approached the tasks very differently from the adult groups. Team dynamics changed with the tasks; some natural leaders demonstrated their skills for delegation, while other self-organising teams used utterly different communication styles. We had groups who were already heavily embedded in STEM subjects and some novices who were giving it a go. Groups of 5 (the max for COVID compliance), groups of 3 or 4, teachers, students, adults, clients, friends; I don’t think any two groups tackled the escape room in the same way. All of this was truly fascinating to watch.

After each run-through, we debriefed participants and emphasised the challenges focused on and how they connected to the key learning outcomes. This quickly and naturally transitioned into questions about Cyber and our roles within the industry. And oh boy, did we get questions! We also got so much feedback. All Saints Academy teachers told us that school students were contacting them asking how they could go on the escape room. There were discussions in the playground about which team got the higher score or which teams escaped and which didn’t. The teachers were booking some of the after-school sessions because they didn’t want the kids to have all the fun! Some non-school bookings were made as a result of groups hearing about other groups doing it and wanting to have a go. People were talking about CGI who had never previously heard of us.

I started this piece by highlighting that we talk a lot – that’s not a bad thing. Now, we need to start doing more. Together! If the CGI Cyber Escape demonstrates anything, it shows that the way we engage matters! To get this many questions from an hour activity, imagine what we could do if we, as an industry, contributed similar ideas to the curriculum or engaged with the public less abstractly.

CyNam, CyberFirst, UKC3, the Golden Valley Development and Cheltenham Science Festival are fantastic platforms for coming together and solving problems. We could address the recruitment and talent crisis we see in our industry. We could address real-life challenges that people experience daily. We could do something completely new and different. But… in order to do any of this, we have to change the way we think about these problems and work together to resolve them.

4 weeks, 63 school groups, 28 adult groups, 1 CGI Cyber Escape and a new way of thinking moving forwards?


We’re Hiring! Cyber Skills Growth and Enterprise Co-ordinator role available.

CyNam is recruiting for the new role of Cyber Skills Growth Lead & Enterprise Co-Ordinator – Cyber and Digital.

Salary Range: £30,000-£40,000 per annum, depending on experience

Enterprise Co-ordinators play a key role in The Careers & Enterprise Company’s national programme and are critical to achieving its aim of motivating, inspiring and supporting young people in making informed choices about their future and helping them achieve against those choices. Employed by CyNam and working alongside GFirst LEP’s Careers Hub team, you will engage and connect schools and colleges with businesses and initiatives to encourage young people to learn more about and develop skills and careers in cyber, digital and other growth sectors across Gloucestershire.

We are seeking someone who will:

• Co-ordinate, project-manage and implement a range of careers and skills projects and initiatives across Gloucestershire. These will mainly focus on the cyber and digital sector and will also support other growth sectors in the County.

• Contribute to the writing and updating of relevant local employment and skills strategies and action plans

• Collaborate and share best-practice with a range of stakeholders across the county, including the NCSC’s Cyber First programme as well as other cyber clusters across the UK

• Work with local employers, LEP business groups and colleagues to gather intelligence about employment and recruitment needs and trends, skills gaps and skills shortages in businesses of all sizes and sectors across Gloucestershire

You will work closely with the CyNam Directors and team members, members of the GFirst LEP Careers Hub team, local and national employment, skills and training providers and employers. Funding for the post is initially to 31st August 2022 and we are actively seeking to extend this.

CyNam will be the employer and this role is funded and co-ordinated through a partnership of CyNam, Capita, the Careers & Enterprise Company, and GFirst LEP.

This is a varied and interesting role in a dynamic environment requiring excellent communication and stakeholder management skills, team work and the ability to prioritise, manage, deliver and report on tasks and projects across a wide range of stakeholders. You will also need experience of the cyber and/or digital sectors and an understanding of the education sector. Knowledge of existing national cyber skills initiatives would be advantageous.

Please send your CV with a brief covering letter explaining your suitability for the role to [email protected]

Secondments, particularly from the Cyber or Digital sectors, are very much welcomed.

The deadline for applications is midnight on 6th July. Interviews will take place on 15th July.

A copy of the job description and person specification can be found here: Cyber Skills Growth & Enterprise Coord JD

Please see the following for further information about some of our work in Gloucestershire: https://CyNam.org/ https://www.gloscareershub.com/ https://www.gfirstlep.com/about-us/skills-for-business/


UK Cyber Clusters to collaborate with Public Sector, Academia and Industry through newly launched UKC3

UK Cyber Cluster Collaboration (UKC3) has been launched to support Cyber Clusters and encourage greater collaboration across regions and nations of the UK.

A new organisation called UK Cyber Cluster Collaboration (UKC3) has been launched to support economic growth in the UK cyber security industry. UKC3 will deliver initiatives and programmes designed to stimulate innovation and support the development of cyber skills, coordinating with government, industry bodies and UK Cyber Clusters. The organisation will provide a single interface for industry stakeholders to engage with the UK’s Cyber Cluster network.

The organisation will be fundamental in spurring economic growth and cyber sector prosperity across the regions and nations of the UK and aims to play an important part in both levelling-up and the post-Covid 19 recovery.

UKC3 will act as a single voice for the Cyber Cluster network, engaging with public sector, academia and industry to inform and support the national cyber strategy with a regional perspective.

Acting as a national organisation for Cyber Clusters across the country, UKC3 will officially recognise Cyber Clusters that operate in line with UKC3’s agreed Operating Framework. The framework will set out the principles and outcomes Clusters work towards through activities and initiatives that deliver Cyber sector growth in their region. The UKC3 will encourage collaboration and knowledge exchange between Clusters in order to amplify the outcomes being delivered locally to create impact at a national level.

Through funding and knowledge exchange, UKC3 will facilitate innovation, ecosystem development and cyber skills growth.

Commenting on this announcement, UKC3’s Chair, Richard Yorke, said: “On behalf of the board, I’m delighted to be announcing the UKC3 launch today. The UK’s thriving cyber sector is recognised as world leading and through greater collaboration, innovation and skills development we have a real opportunity to deliver growth that benefits businesses and individual citizens across the UK.

Cyber Clusters are playing a vital role in the development of the sector in their region and the UKC3 has been established to fund and support their work as well as encouraging greater collaboration across the UK ecosystem. My colleagues and I will work with public sector, academia and industry bodies to represent Clusters in national Cyber policy making and provide stakeholders with a single entity to engage the Cluster community.

This is an exciting and pivotal time for the Cyber industry and I encourage organisations to engage with us to drive growth in the sector.”

The organisation’s board is made up of Cyber Cluster leads from across the UK including: Richard Yorke (Cyber Cheltenham – CyNam) – as Chair of UKC3, Phil Jackman (Cyber North/North East Cyber Cluster) – Treasurer and Secretariat, Melanie Oldham (Yorkshire Cyber Security Cluster) as Vice Chair and Stakeholder Management/Communications, Ciara Mitchell (ScotlandIS Cyber) leading on Ecosystem Development, Linda Smith (Midlands Cyber), leading on Innovation and John Davies (Cyber Wales/South Wales Cyber Cluster) leading on Skills Growth. In addition, an Advisory Group has been established with further Cluster representatives.

A new funding opportunity will be announced soon, aimed at supporting the work of Cyber Clusters and the important role they play in contributing to the growth of the Cyber sector within their locality.


CyNam 21.2 – Smart Cyber: Securing the IoT and the cities of the future

    • CyNam announces their second event of the year, which will take place on June 10.
    • The virtual event will explore IoT and smart cities and what it means for the cyber industry.
    • Research suggests smart cities will be key to future economic growth following the pandemic.

 


 

The global smart cities market is expected to double by 2025 and could help governments to navigate their way out of the pandemic, according to Research and Markets. CyNam 21.2 – Smart Cyber: Securing the IoT and the cities of the future takes place virtually on June 10 and will see discussions, Q&As and unique insight from leading cyber experts, exploring the Internet of Things (IoT) and how cyber innovation can help enable smart cities of the future. The event is for anyone interested in growing their cyber knowledge, including professionals or students with an interest in the cyber sector and digital transformation.

Smart cities is a ‘hot’ topic at CyNam 21.2

Delivered in partnership with the Cheltenham Science Festival, the event will be streamed live from Hub8, a co-working space in Cheltenham dedicated to the flourishing cyber-tech sector, with a range of physical and virtual presentations. Details for the first discussions have been announced, including headline sessions from Information Security Group’s Professor Lizzie Coles-Kemp and Ladies of Cheltenham Hacking Society’s Sophia McCall. Topics explore what welcoming and trusting smart cities look like and whether future cars will be safe. Further details about the agenda will be announced throughout the month, including sessions from sponsors Field Effect and IBM, and CGI, the headline sponsor.

In response to Covid, CyNam quickly adapted and took their events online where the showcase has reached new audiences. CyNam 21.1 saw people tuning in from across the globe to discover the latest developments in Cheltenham’s cyber scene. Previous organisations presenting at CyNam’s events have included Microsoft, Central Government, Ripjar and Sage to name just a few.

Challenges and opportunities of smart cities in an IoT world

Richard Yorke, Director at CyNam, said:

“With the enabling 5G and IoT technology evolving at pace, smart cities are rapidly becoming a reality and will impact all aspects of life. Well-designed security is paramount and key to building the trust needed for smart cities to work for citizens and businesses alike. Our summer event promises to be full of interesting discussion around these challenges and how the UK’s cyber sector can safeguard smart cities from future breaches as well as showcasing emerging technology in this space. If you have an interest in cyber, this is not one to be missed.”

Register for CyNam 21.2

Registration for CyNam 21.2 is now open, with the two-hour conference taking place from 6:00 pm to 8:00 pm BST. The organisation brings together Cheltenham’s cyber cluster, enabling opportunities for networking, innovation and collaboration from start-ups to multinational brands. After their March event, students who took part in the showcase were later offered job opportunities in top cyber security firms, demonstrating how CyNam helps people to enter the cyber-tech sector regardless of age, gender or background.

Find out more and register on Eventbrite.


Students who took part in CyNam event offered “foot in the door” cyber sector opportunities

 

The future’s looking brighter for a group of Gloucestershire students who took part in an online cyber security showcase event.

The industry event was organised and hosted by CyNam (Cyber Cheltenham) to look at data breaches and ways to tackle cyber criminals.

The session “The Privacy Paradox” was dedicated to highlighting and exploring the opinions and attitudes of young people in relation to data breaches.

 

Students found training and job opportunities in cyber security firms

 

And, with around 1,500 senior cyber security decision makers from Gloucestershire and the UK signed up to watch the event virtually, it was the perfect platform for the students.

“We encouraged the students that if they were genuinely interested in having careers in cyber and digital technology then they should make that known during the webcast,” said Madeline Howard, Director of CyNam.

“One by one, when it was their time to talk, they spoke passionately about their hope for the future and desire to connect with those watching the event live.

 

“I’m thrilled to say that several of those young people have now had an offer of training, work experience and potential apprenticeship opportunities thanks to their appearance on our student panel, proving the old adage that if you don’t ask you won’t get!”

Sam, who attends Wyedean School and who took part in the panel said: “Speaking at CyNam 21.1 ‘Data breaches – Are they the new normal?’ was an incredible opportunity for me. 

“It was a wonderful chance to learn more about a field that fascinates me while also allowing me to showcase and develop my public speaking skills. 

“Lockdown has limited networking opportunities, so it was great to be able to meet up with new and familiar faces. 

“After the student panel session, I was lucky enough to be offered work experience by a couple of the companies that were in the audience.”

CyNam growing Cheltenham’s cyber security industry through networking

CyNam exists to help cyber companies within the Cheltenham and Gloucestershire business community to make connections, find the right support and ultimately grow. 

It is a vital independent platform within the wider Cheltenham ecosystem; enabling networking, innovation and collaboration for the cyber technology industry, with an aim to establish Cheltenham as the cyber hub of the UK.  

Madeline continued: “A major part of our work is geared towards ensuring there are amazing opportunities being created for young people now and for future generations.

“That’s why we had the student panel on our virtual event, to know those young people have been able to get a foot in the door of the cyber sector is very gratifying.”

If lockdown restrictions are fully lifted, the next CyNam event will be a mixture of virtual and real-life and takes place in June to coincide with Cheltenham Science Festival.

To find out more information go to www.cynam.org 


CGI announced as 2021 Gold Industry Sponsor of CyNam

We are delighted to announce that our Gold Industry Sponsor for this year is CGI.

Here at CyNam we are excited about the partnership and are committed to delivering great content over the year in partnership with CGI.
CGI already have a fantastic footing in the community with their involvement in the Cyber Schools initiative, a strong apprenticeship scheme and a deeply embedded CSR strategy, which makes them ideal partners for CyNam to help make a positive difference within the ecosystem.

It gives us great pleasure to share our first piece of content from our new 2021 Industry Sponsor CGI.

CyNam Chairman Chris Dunning-Walton and CyNam Director Paul Bentham are joined by CGI President of UK Operations, Tara McGeehan and Head Advisory – Director of Consulting Services, John “JW” Wariner – in a brilliantly upbeat conversation about “Collaboration vs Competition” and so much more!

About CGI

Founded in 1976, CGI is among the largest IT and business consulting services firms in the world. They are insights-driven and outcomes-based to help accelerate returns on your investments. Across 21 industries in 400 locations worldwide, they provide comprehensive, scalable and sustainable IT and business consulting services that are informed globally and delivered locally.

Find out more here


Talking Cyber Resilience with Capita – A Fireside Chat

In this blog, CyNam Chairman Chris Dunning Walton talks cyber resilience with Paul Key, Group Chief Information Security Officer (CISO) for Capita. They explore the subject of what cyber resilience is and how it interacts in the wider cyber security conversation.

Paul Key is an accomplished security professional with over 30 years’ experience of strategy, leadership and communication at all levels. His background allows him to understand a wide range of business, privacy, cyber, security and IT issues covering architecture, service delivery, governance, risk & compliance, technical, infrastructure, physical security, application / data security, policies & processes, strategy and business continuity planning, in both traditional and agile working environments.
Paul believes the way forward in security is to build relationships, listen, communicate and work together to overcome the multiple threats and challenges that face organisations today. Security is a team effort; we all need to be involved.

CDW: Paul, today we are going to talk about Cyber Resilience – let’s set the scene. What do you see as the difference between cybersecurity and cyber resilience – and why does cyber resilience matter?

PK: Let us start with the difference, Cyber Security is about getting the foundations right, making sure your business has the right people, processes, and technology in place to defend and reduce the possibility of cybercriminals getting into your organisation or disrupt your business. If we look at the NIST framework, in my eyes this would be the Identify, Protect & Detect elements.

Cyber Resilience is about how your organisation will prepare for and respond to an attack or cyber incident. Again, looking at the NIST framework, this would be the Respond & Recover elements.

So why does Cyber Resilience matter? It is a great question.

As we all know, you can never be 100% secure, there is always somebody out there that can breach a security control, due to this, organisations need to do everything they can to be able to respond appropriately to an incident or attack. Response needs to be structured, controlled, and delivered in the right way and at the right speed to reduce the impact on your organisation.

However, Cyber Resilience is not all about responding and recovering. It also includes continuous testing and improving the technology as well as the people and processes involved in all aspects of cyber and information security for your organisation 24×7.

CDW: Do you see Cyber Resilience as a part of Cyber Security or vice versa – e.g. is cybersecurity (keeping them out) just a part of wider cyber resilience? 

PK: It’s a good question, I see that Cyber Resilience is the glue that keeps the cybersecurity elements together, as mentioned in the previous question, cyber resilience needs to include the continuous checking, improving and updating to maintain the right level of controls and posture for the organisation.

If we did not do this, the effectiveness of the controls would reduce over time as the threats change and increase.

CDW: So why do you think Cyber Resilience matters today?

PK: As said, we can never be 100% secure, there is always somebody out there that can breach a security control. Organisations need to have a leg in either camp – cybersecurity and cyber resilience.

Depending on the maturity of the organisation this will depend on where the focus is required, security or resilience.

Looking back to 2020, according to a report from Mimecast ‘the state of Email security report 2020’ 31% of organisations experienced data loss due to the lack of cyber resilience preparedness. I suspect this number is a lot higher across the globe. Organisations need to shift their thinking around security and cyber controls, it needs to move on from an IT issue to a business issue that touches every department function and employee in an organisation.

CDW: What are the key building blocks to developing an effective cyber resilience programme? How has Capita gone about this?

PK: There are many views over what makes an effective cyber resilience programme; in my view it breaks down into 5 building blocks – however, before we look at those 5 blocks, we need to recognise and understand that people play a part in everything we do. We must not forget the human side of security.

Education, awareness, communication, and testing needs to be driven with human security in mind, technology cannot be the only control point.

Ok back to the 5 blocks!

  1. Back to Basics – Organisations need to implement the basic requirements for securing an organisation. NCSC define the top 10 areas as network security, user education & awareness, malware prevention, removable media controls, secure config, user privileges, incident management, monitoring and home / mobile working. In addition to this, I always add one additional area – asset management – you cannot secure what you do not know you have got; asset management needs to include hardware, software and data registers.
  2. CISO Engagement – Over the last 5-10 years the role of the CISO is slowly changing, moving towards a more business-facing role which has relationships with the C-Suite as well as the security operations and risk functions.
  3. Testing – Defining, building, implementing, and reviewing a series of tests that assess and assure an organisation that its people, processes and technology are in place and working. These will be a mix of traditional IT Security Health Checks, Penetration Tests, Blue Teaming, Red Teaming and Purple teaming.
  4. Advanced Technology and Automation – Investigation of new technologies as they hit the market to address the ever-changing threat landscape. A focus on automation to reduce the manual analysis of data and workflows to improve and deliver standard, repeatable and consistent outcomes from a security perspective utilising machine learning, AI and other technologies – for example, SOAR at the SOC level, moving to a more proactive cyber defence model rather than reactive.
  5. Proactive Threat Hunting – Having the capability to proactively look at threat hunting for your business & sector, utilising a mix of people and technology to try to keep one step ahead of the curve for the organisation.

Capita as an organisation employs in the region of 50,000 people across the 6 different divisions, supporting all sectors across the globe.

Since joining Capita in January 2020, I have reviewed the various security teams, structure, processes, and technology used across the organisation. I have implemented a series of transformational changes that initially focused on the teams and structure of security to bring together as one. Now the team structure is in place, the security roadmap for 2021 focuses on the continuous improvement around testing, advanced technology, automation, and threat hunting, alongside my role working with the business and C-Suite advising them on risks, threats and plans.

CDW: 2020 has been a challenging and in many ways, a formative year for a new 100% work-from-home model which everyone has had to embrace. How has a distributed workforce model affected the cyber resilience of major corporations? What changes in approaches have been necessary in 2020 do you think?

PK: We all agree 2020 has been a challenging year in many ways, the impact of the pandemic touches all at home as well as at work. Whilst we all see light at the end of the tunnel in 2021, we cannot take our foot off the gas and sit back, we all need to continue to stay safe and protect our people.

The pandemic has changed the way we all think and work, from a cyber resilience perspective the focus areas include, but are not limited to the following areas:

  • Communication & Phishing – at the start of the pandemic we saw an increase in COVID-19 related phishing attacks, due to this we increased our communications to all employees about spotting and reacting to phishing emails.
  • Testing – As users transition from office to home environments, we recognised the need to increase our testing early on during the pandemic to ensure the organisation was prepared for the increase.
  • Monitoring / Brace – We all know cyber controls and process can only go so far and can only be tested against known scenarios. I don’t feel any organisation could have predicted a global pandemic hitting, we took the stance to brace for disruption, i.e. increase monitoring to ensure we were ready to react.

CDW: We’ve seen most recently the hugely damaging aftermath of two large events – the FireEye cyber-attack and the SolarWinds hack. Both are by, reportedly, nation-state actors. What is your take on these?

PK: As we know the FireEye breach and SolarWinds hack is a shot across the bows of the security industry and security teams worldwide. The size and scale of the two incidents, when looked at together and the number of high-profile organisations affected is staggering.

As a security professional this brings home the point that we are never 100% secure. We can do everything in our power to reduce the risk, but somebody will always find a way to get in, state-sponsored or not, these attacks normally have a financial drive behind them for the hackers, for the right amount of money, hackers will break through controls and gain access.

CDW: So, if we look at FireEye specifically, the response from the security industry has been an interesting one with most people being supportive of FireEye, which is a turnaround from other high-profile breaches with say, Sony or TalkTalk. Knowing how seriously FireEye, a Cybersecurity company, take their security, does this emphasise even further the need to move to a high cyber resilience model?

PK: FireEye, SolarWinds, Microsoft, BA, Marriott, and all the other high-profile organisations that have been in the media recently – this should be a wakeup call for security teams to increase focus on cyber resilience, be prepared, know what you have, know your environment, know your team, test your plans, include your business, include your C-Suite, get them involved in the scenario planning so they recognise and understand the need to be prepared.

If you do not do this, and you do not know what is happening within your infrastructure and environment, and you are not prepared for an attack or breach, then you only have yourself to blame. With the information and data I have seen I believe FireEye have done everything they could to protect their organisation.

CDW: Do we need to accept that breaches are now to be expected – it’s how we respond to these which will determine success or not…?

PK: We all know there will be breaches in the future. Should we accept this? No. It’s the how, who, and when you respond as an organisation which makes the difference.

There are so many organisations and communities available that can help, advise and even deliver services to reduce risk, create, test and manage cyber resilience going forward.

Without the right people, process, technology and plans in place then future security attacks will be successful.

CDW: So, let’s say you’re a CISO talking to the Board and the CEO about Cyber Resilience and how, in effect, nothing is totally secure and we need to prepare for the worst. How do you do that effectively, engaging the Board and ExCo without being seen as a typical “CISO Killjoy”?

PK: It’s a great question, and in true security fashion there is never a one-size-fits-all; I can only talk about what has worked well for me.

My approach is quite simple: I break the key aspects of information and cybersecurity down into 6 areas:

  • People
  • Controls
  • Cyber Resilience
  • Physical Security
  • Governance & Assurance
  • Legal, Regulatory & Compliance

Each of these has a clear risk statement attached to them, and then several controls in each with a control effectiveness score and risk score.

This allows me to set the scene and discuss where more focus is required in each area to be prepared for a breach or attack. Again, depending on the organisation, this will depend on the level of focus and activity in each area.

This approach allows for a regular update / cyber dashboard view to be presented at a high executive level, with the capability to drill down into details and facts where required.

Now we all know that C-Suites have various levels of knowledge, experience and understanding of cybersecurity. The CISO’s role is to remove the complexity and make it easier to understand, whilst keeping the seriousness of the subject. I have found that running desktop scenarios works well for Executive boards that are new to the CISO or are newly formed due to business growth/changes. The scenarios bring to life the role and responsibilities that the Execs play during a major cyber incident, but also help strengthen the need to maintain the right level of investment in security and cyber resilience.

I am not an advocate of the ticking time bomb approach, or the fear, uncertainty, and doubt approach, which in my experience is short-lived. As a CISO you need to build a relationship with the C-Suite and have the capability to discuss at the right level that allows for ongoing engagement and leadership.

CDW: What would be your advice and guidance to companies developing a more evolved cyber resilience posture?

PK: Back to basics: know your environment, assets, people, technology and follow the ten steps from the NCSC. Always ensure you do not forget the human side of security; people can be your weakest link, but they are also your strongest.


CyNam Chairman gives us his 2020 In Review

2020 has been an extraordinary year, unprecedented and challenging for everyone in a variety of ways. This time last year, news was starting to emerge of a mysterious virus originating in China – who could have predicted the far-reaching implications of how things would pan out? The initial UK lockdown began on March 23rd and ran until June 1st, a total of 14 weeks. Schools shut, bars, restaurants, gyms and shops were closed and anyone able to do so worked from home. Empty streets, empty shopping centres, empty bus stops, empty offices. Hospitals at capacity and the UK, along with the rest of the world, plunging into a steep recession. Home-schooling and exam chaos affected children and young adults across the nation, with the ramifications still coming to bear. Coronavirus has been a generational, “black swan” event and it will take years for the full impact to be assessed and comprehended.

But some positivity has come out of these challenging times. Lockdown has brought communities together and actively demonstrated community spirit going beyond politics (remember Brexit…?). In May, the New Local Government Network think tank reported council leaders saying community cohesion was at an all-time high. Villages, towns and cities turned out daily to clap our phenomenal NHS workers in unison. There have been unbelievable acts of kindness and heroics – notably Capt. Tom Moore, a 99-year-old war veteran who raised over £23m for the NHS by completing 100 laps of his garden, but countless others looking out for friends, neighbours and strangers alike. Diversity and inclusion has also been brought to the fore and is now beginning to be actively addressed as a critical business priority.

Ways of working have been revolutionised, with businesses of all sizes having to pivot to home-working models, showcasing the opportunity for companies to wholly embrace the rise of a digital workforce. Large enterprises have seen 3-5 year plans to enable virtual working solutions compressed into 3-5 months. The need for robust, secure technology has never been more apparent, with the technology and cybersecurity sectors being relatively positive outliers to an otherwise depressed and desolate commercial landscape.

2020 has been an incredibly positive year for CyNam. The engagement and support we have received from the cyber technology community which we serve has been phenomenal and our three headline events have seen our largest ever attendance (the largest of any UK Cyber Cluster). We have learnt how to go digital ourselves through live virtual events, primarily down to our fantastic Operations & Innovation Manager, Clare Bourne, who joined CyNam in May. A number of the cyber companies in the area have also continued their growth and successes despite the backdrop, demonstrating both the depth of technical expertise we have locally and what an opportunity exists within the cyber tech sector moving forward. The Golden Valley development continues to gain momentum in building a world-class cyber tech innovation park right on our doorstep and the £5.2m Minster Innovation Exchange secured extra funding to build a town centre workspace for the cyber tech community including a 300-person performance arena.

CyNam’s mission for 2021 remains as the platform for the cyber tech community here in Cheltenham and Gloucestershire, acting as a positive catalyst for growth and prosperity for all. We will be running our three Headline Events as well as several round-table events which we hope you will continue to support and find valuable. Please get in touch with any suggestions or content you are particularly interested in us exploring. We will also be actively supporting the wider Cyber Cluster ecosystem across the UK and have some big plans (all will be revealed!) which will no doubt also take shape over the coming year.

I would like to thank all our 2020 sponsors – most notably our Gold Sponsor, Capita – for your support this year. CyNam is completely self-funded and without your contributions, none of what we do would be possible. We are looking for Industry and Event sponsorship for 2021 and would encourage anyone to make contact if you would like to be an active supporter next year.

Lastly, I would like to thank all of the CyNam Directors who give up their time willingly and without expectation to support the purpose and mission of CyNam. You are all rockstars and it is a genuine privilege.

If 2020 has been a year to forget, let’s make 2021 a year to truly remember. In the meantime, stay safe and please all have a very Happy Christmas.

Chris Dunning-Walton


CyNam 20.3 Breakout Sessions

There will be three excellent breakout sessions taking place at CyNam 20.3, covering a wide range of topics close to the hearts of our ecosystem. The breakout sessions will take place for 30 minutes during the main event from 17.58 – 18.28 GMT.

Ripjar – Panel Discussion – Transforming Cyber Threat Intelligence – Under the Bonnet

In addition to their Keynote discussion “Transforming Cyber Threat Intelligence”, Ripjar will be delving further into this topic by hosting a live discussion and Q & A session in the break during the CyNam 20.3 live broadcast.

In this panel session, Jeremy Annis, CEO of Ripjar, Don Smith, Director of the Cyber Threat Unit and David Balson, Director of Intelligence at Ripjar will address key questions in how platforms can enable a thriving ecosystem of people, processes and technology to effectively scale cyber intelligence production and knowledge sharing in global businesses and government agencies. It will address the technical enablers and blockers for effective cyber threat intelligence sharing, exploring key concepts around how platforms can be built to explore data with new analytics, piece together complex adversary behaviour and securely share sensitive intelligence.

Ladies of Cheltenham Hacking Society – Security Through Diversity

Cyber criminals don’t all look the same, so neither should the teams working to protect us. In this session we will be discussing the latest figures on diversity in UK cyber and talking about practical tips to boost inclusion in the industry.

Gloucestershire College – Moving Forwards: The importance of apprenticeships in our cyber industry

Gloucestershire College is the proud Academic Sponsor of CyNam. We deliver accredited cyber and IT training for students and apprentices from our state-of-the-art facilities in Gloucester and Cheltenham.

It has never been more important for businesses to invest in the future of cyber talent, and for young people to harness the incredible opportunities presented on their doorstep.

Employers, students, prospective apprentices, and existing employees are invited to join Julie Tegg, Director of Apprenticeships and Employer Training at GC, to discover the importance of IT and cyber apprenticeships within the cyber industry, and the benefits of getting involved.

Sopra Steria – The psychology of crisis management

With cyber-attacks on the rise, there will come a time for many companies to face the impact of malicious activity. In this session, Rakhee Porter, Head of Resilience at Sopra Steria, will explore the culture, behaviours and leadership qualities that will equip a team to remain on the front foot in a crisis situation.

To participate in one of these fantastic breakout sessions, please register for the full event here on Eventbrite.