Blog News Uncategorized

Talking Cyber Resilience with Capita – A Fireside Chat

In this blog, CyNam Chairman Chris Dunning Walton talks cyber resilience with Paul Key, Group Chief Information Security Officer (CISO) for Capita. They explore the subject of what cyber resilience is and how it interacts in the wider cyber security conversation.

Paul Key is an accomplished security professional with over 30 years’ experience of strategy, leadership and communication at all levels, his background allows him to understand a wide range of business, privacy, cyber, security and IT issues covering architecture, service delivery, governance, risk & Compliance, technical, infrastructure, physical security, application / data security, policies & processes, strategy and business continuity planning, in both traditional and agile working environments.
Paul believes the way forward in security is to build relationships, listen, communicate and work together to overcome the multiple threats and challenges that face organisations today. Security is a team effort; we all need to be involved.

CDW: Paul, today we are going to talk about Cyber Resilience – let’s set the scene. What do you see as the difference between cybersecurity and cyber resilience – and why does cyber resilience matter?

PK: Let us start with the difference, Cyber Security is about getting the foundations right, making sure your business has the right people, processes, and technology in place to defend and reduce the possibility of cybercriminals getting into your organisation or disrupt your business. If we look at the NIST framework, in my eyes this would be the Identify, Protect & Detect elements.

Cyber Resilience is about how your organisation will prepare for and respond to an attack or cyber incident. Again, looking at the NIST framework, this would be the Respond & Recover elements.

So why does Cyber Resilience matter? It is a great question.

As we all know, you can never be 100% secure, there is always somebody out there that can breach a security control, due to this, organisations need to do everything they can to be able to respond appropriately to an incident or attack. Response needs to be structured, controlled, and delivered in the right way and at the right speed to reduce the impact on your organisation.

However, Cyber Resilience is not all about responding and recovering. It also includes continuous testing and improving the technology as well as the people and processes involved in all aspects of cyber and information security for your organisation 24×7.

CDW: Do you see Cyber Resilience as a part of Cyber Security or vice versa – e.g. is cybersecurity (keeping them out) just a part of wider cyber resilience? 

PK: It’s a good question, I see that Cyber Resilience is the glue that keeps the cybersecurity elements together, as mentioned in the previous question, cyber resilience needs to include the continuous checking, improving and updating to maintain the right level of controls and posture for the organisation.

If we did not do this, the effectiveness of the controls would reduce over time as the threats change and increase.

CDW: So why do you think Cyber Resilience matters today?

PK: As said, we can never be 100% secure, there is always somebody out there that can breach a security control. Organisations need to have a leg in either camp – cybersecurity and cyber resilience.

Depending on the maturity of the organisation this will depend on where the focus is required, security or resilience.

Looking back to 2020, according to a report from Mimecast ‘the state of Email security report 2020’ 31% of organisations experienced data loss due to the lack of cyber resilience preparedness. I suspect this number is a lot higher across the globe. Organisations need to shift their thinking around security and cyber controls, it needs to move on from an IT issue to a business issue that touches every department function and employee in an organisation.

CDW: What are the key building blocks to developing an effective cyber resilience programme? How has Capita gone about this?

PK: There are many views over what makes an effective cyber resilience programme, in my view breaks it down into 5 building blocks – however before we look at those 5 blocks, we need to recognise and understand that people play a part in everything we do. We must not forget the human side of security.

Education, awareness, communication, and testing needs to be driven with human security in mind, technology cannot be the only control point.

Ok back to the 5 blocks!

  1. Back to Basics – Organisations need to implement the basic requirements for securing an organisation. NCSC define the top 10 areas as network security, user education & awareness, malware prevention, removable media controls, secure config, user privileges, incident management, monitoring and home / mobile working. In addition to this, I always add one addition areas – asset management – you cannot secure what you do not know you have got, asset management needs to include hardware, software and data registers.
  2. CISO Engagement – Over the last 5-10 years the role of the CISO is slowly changing, moving towards a more business-facing role which has relationships with the C-Suite as well as the security operations and risk functions.
  3. Testing – Defining, building, implementing, and reviewing a series of tests that assess and assure an organisation that its people, processes and technology are in place and working. These will be a mix of traditional IT Security Health Checks, Penetration Tests, Blue Teaming, Red Teaming and Purple teaming.
  4. Advanced Technology and Automation – Investigation of new technologies as they hit the market to address the ever-changing threat landscape. A focus on automation to reduce the manual analysis of data and workflows to improve and deliver standard, repeatable and consistent outcomes from a security perspective utilising machine learning, AI and other technologies – for example, SOAR at the SOC level, moving to more a proactive cyber defence model rather than reactive.
  5. Proactive Threat Hunting – Having the capability to proactively look at threat hunting for your business & sector, utilising a mix of people and technology to try to keep one step ahead of the curve for the organisation.

Capita as an organisation employs in the region of 50,000 people across the 6 different divisions, supporting all sectors across the globe.

Since joining Capita in January 2020, I have reviewed the various security teams, structure, processes, and technology used across the organisation. I have implemented a series of transformational changes that initially focused on the teams and structure of security to bring together as one. Now the team structure is in place, the security roadmap for 2021 focuses on the continuous improvement around testing, advanced technology, automation, and threat hunting, alongside my role working with the business and C-Suite advising them on risks, threats and plans.

CDW: 2020 has been a challenging and in many ways, a formative year for a new 100% work-from-home model which everyone has had to embrace. How has a distributed workforce model affected the cyber resilience of major corporations? What changes in approaches have been necessary in 2020 do you think?

PK: We all agree 2020 has been a challenging year in many ways, the impact of the pandemic touches all at home as well as at work. Whilst we all see light at the end of the tunnel in 2021, we cannot take our foot off the gas and sit back, we all need to continue to stay safe and protect our people.

The pandemic has changed the way we all think and work, from a cyber resilience perspective the focus areas include, but are not limited to the following areas:

  • Communication & Phishing – at the start of the pandemic we saw an increase in COVID-19 related phishing attacks, due to this we increased our communications to all employees about spotting and reacting to phishing emails.
  • Testing – As users transition from office to home environments, we recognised the need to increase our testing early on during the pandemic to ensure the organisation was prepared for the increase.
  • Monitoring / Brace – We all know cyber controls and process can only go so far and can only be tested against known scenarios. I don’t feel any organisation could have predicted a global pandemic hitting, we took the stance to brace for disruption, i.e. increase monitoring to ensure we were ready to react.

CDW: We’ve seen most recently the hugely damaging aftermath of two large events – the FireEye cyber-attack and the Solarwinds hack. Both are by, reportedly, nation-state actors. What is your take on these?

PK: As we know the FireEye breach and SolarWinds hack is a shot across the bows of the security industry and security teams worldwide. The size and scale of the two incidents, when looked at together and the number of high-profile organisations affected is staggering.

As a security professional this brings home the point that we are never 100% secure. We can do everything in our power to reduce the risk, but somebody will always find a way to get in, state-sponsored or not, these attacks normally have a financial drive behind them for the hackers, for the right amount of money, hackers will break through controls and gain access.

CDW: So, if we look at FireEye specifically, the response from the security industry has been an interesting one with most people being supportive of FireEye, which is a turnaround from other high-profile breaches with say, Sony or TalkTalk. Knowing how seriously FireEye, a Cybersecurity company, take their security, does this emphasise even further the need to move to a high cyber resilience model?

PK: FireEye, SolarWinds, Microsoft, BA, Marriott, and all the other high-profile organisations that have been in the media recently – this should be a wakeup call for security teams to increase focus on cyber resilience, be prepared, know what you have, know your environment, know your team, test your plans, include your business, include your C-Suite, get them involved in the scenario planning so they recognise and understand the need to be prepared.

If you do not do this, and you do not know what is happening within your infrastructure and environment, and you are not prepared for an attack or breach, then you only have yourself to blame. With the information and data I have seen I believe FireEye have done everything they could to protect their organisation.

CDW: Do we need to accept that breaches are now to be expected – it’s how we respond to these which will determine success or not…?

PK: We all know there will be breaches in the future, should we accept this? No.  It’s the how, who, and when you respond as an organisation which makes the difference.

There are so many organisations and communities available that can help, advise and even deliver services to reduce risk, create, test and manage cyber resilience going forward.

Without the right people, process, technology and plans in place then future security attacks will be successful.

CDW: So, let’s say you’re a CISO talking to the Board and the CEO about Cyber Resilience and how, in effect, nothing is totally secure and we need to prepare for the worst. How do you do that effectively, engaging the Board and ExCo without being seen as a typical “CISO Killjoy”?

PK: It’s a great question, and in true security fashion there is never a one size fits all, I can only talk about what has worked well for me.

My approach is quite simple, I break the key aspect of information and cybersecurity down into 6 areas:-

  • People
  • Controls
  • Cyber Resilience
  • Physical Security
  • Governance & Assurance
  • Legal, Regulatory & Compliance

Each of these has a clear risk statement attached to them, and then several controls in each with a control effectiveness score and risk score.

This allows me to set the scene and discuss where more focus is required in each area to be prepared for a breach or attack. Again, depending on the organisation, this will depend on the level of focus and activity in each area.

This approach allows for a regular update / cyber dashboard view to be presented at a high executive level, with the capability to drill down into details and facts where required.

Now we all know that C-Suites have various levels of knowledge, experience and understanding of cybersecurity, the CISO’s role is to remove the complexity and make it easier to understand, whilst keeping the seriousness of the subject. I have found that running desktop scenarios works well for Executive boards that are new to the CISO or are newly formed due to business growth/changes. The scenarios bring to life the role and responsibilities that the Exec’s play during a major cyber incident, but also helps strengthen the need to maintain the right level of investment in security and cyber resilience.

I am not an advocate of the ticking time bomb approach, or the fear, uncertainty, and doubt approach which in my experience, is short-lived. As a CISO you need to build a relationship with the C-Suite and have the capability to discuss at the right level that allows for ongoing engagement and leadership.

CDW: What would be your advice and guidance to companies developing a more evolved cyber resilience posture?

PK: Back to basics, know your environment, assets, people, technology and follow the ten steps from the NCSC. Always ensure you do not forget the human side of security, people can be your weakest link, but they are also your strongest.

News Uncategorized

CyNam Chairman gives us his 2020 In Review

2020 has been an extraordinary year, unprecedented and challenging for everyone in a variety of ways. This time last year, news was starting to emerge of a mysterious virus originating in China – who could have predicted the far-reaching implications of how things would pan out. The initial UK lockdown began on March 23rd and ran until June 1st, a total of 14 weeks. Schools shut, bars, restaurant, gyms and shops were closed and anyone able to do so, worked from home. Empty streets, empty shopping centres, empty bus stops, empty offices. Hospitals at capacity and the UK, along with the rest of the world, plunging into a steep recession. Home-schooling and exam chaos affected children and young adults across the nation, with the ramifications still coming to bear. Coronavirus has been a generational, “black swan” event and it will be years for the full impact to be assessed and comprehended.

But, some positivity has come out of these challenging times. Lockdown has brought communities together and actively demonstrated community spirit going beyond politics (remember Brexit…?). In May, the New Local Government Network think tank reported council leaders saying community cohesion was at an all-time high. Villages, towns and cities turned out daily to clap our phenomenal NHS workers in unison. There have been unbelievable acts of kindness and heroics – notably Capt. Tom Moore, a 99-year old war veteran who raised over £23m for the NHS by completing 100 laps of his garden, but countless others looking out for friends, neighbours and strangers alike. Diversity and inclusion has also been brought to the fore and is now beginning to be actively addressed as a critical business priority.

Ways of working have been revolutionised, with businesses of all sizes having pivot to home-working models, showcasing the opportunity for companies to wholly embrace the rise of a digital workforce. Large enterprises have seen 3-5 year plans to enable virtual working solutions compressed into 3-5 months. The need for robust, secure technology has never been more apparent with the technology and cybersecurity sectors being relatively positive outliers to an otherwise depressed and desolate commercial landscape.

2020 has been an incredibly positive year for CyNam. The engagement and support we have received from the cyber technology community which we serve has been phenomenal and our three headline events have seen our largest ever attendance (the largest of any UK Cyber Cluster). We have learnt how to go digital ourselves through live virtual events, primarily down to our fantastic Operations & Innovation Manager, Clare Bourne who joined CyNam in May. A number of the cyber companies in the area have also continued their growth and successes despite the backdrop, demonstrating both the depth of technical expertise we have locally and what an opportunity exists within the cyber tech sector moving forward. The Golden Valley development continues to gain momentum in building a world-class cyber tech innovation park right on our doorstep and the £5.2m Minster Innovation Exchange secured extra funding to build a town centre workspace for the cyber tech community including a 300-person performance arena.

CyNam’s mission for 2021 remains as the platform for the cyber tech community here in Cheltenham and Gloucestershire, acting as a positive catalyst for growth and prosperity for all. We will be running our three Headline Events as well as several round-table events which we hope you will continue to support and find valuable. Please get in touch with any suggestions or content you are particularly interested in us exploring. We will also be actively supporting the wider Cyber Cluster ecosystem across the UK and have some big plans (all will be revealed!) which will no doubt also take shape over the coming year.

I would like to thank all our 2020 sponsors – most notably our Gold Sponsor, Capita – for your support this year. CyNam is completely self-funded and without your contributions, none of what we do would be possible. We are looking for Industry and Event sponsorship for 2021 and would encourage anyone to make contact if you would like to be an active supporter next year.

Lastly, I would like to thank all of the CyNam Directors who give up their time willingly and without expectation to support the purpose and mission of CyNam. You are all rockstars and it is a genuine privilege.

If 2020 has been a year to forget, let’s make 2021 a year to truly remember. In the meantime, stay safe and please all have a very Happy Christmas.

Chris Dunning-Walton

News Uncategorized

CyNam 20.3 Breakout Sessions

There will be three excellent breakout sessions taking place at CyNam 20.3; covering a wide a range of topics close to the hearts of our ecosystem. The breakout sessions will take place for 30 minutes during the main event from 17.58 – 18.28 GMT.


Ripjar – Panel Discussion – Transforming Cyber Threat Intelligence – Under the Bonnet

In addition to their Keynote discussion “Transforming Cyber Threat Intelligence”; Ripjar will delving further into this topic by hosting a live discussion and Q & A session in the break during the CyNam 20.3 live broadcast.

In this panel session, Jeremy Annis, CEO of Ripjar, Don Smith, Director of the Cyber Threat Unit and David Balson, Director of Intelligence at Ripjar will address key questions in how platforms can enable a thriving ecosystem of people, processes and technology to effectively scale cyber intelligence production and knowledge sharing in global businesses and government agencies. It will address the technical enablers and blockers for effective cyber threat intelligence sharing, exploring key concepts around how platforms can be built to explore data with new analytics, piece together complex adversary behaviour and securely share sensitive intelligence.


Ladies of Cheltenham Hacking Society – Security Through Diversity

Cyber criminals don’t all look the same, so neither should the teams working to protect us. In this session we will be discussing the latest figures on diversity in UK cyber and talking about practical tips to boost inclusion in the industry.


Gloucestershire College – Moving Forwards: The importance of apprenticeships in our cyber industry

Gloucestershire College is the proud Academic Sponsor of CyNam. We deliver accredited cyber and IT training for students and apprentices from our state-of-the-art facilities in Gloucester and Cheltenham.

It has never been more important for businesses to invest in the future of cyber talent, and for young people to harness the incredible opportunities presented on their doorstep.

Employers, students, prospective apprentices, and existing employees are invited to join Julie Tegg, Director of Apprenticeships and Employer Training at GC, to discover the importance of IT and cyber apprenticeships within the cyber industry, and the benefits of getting involved.


Sopra Steria – The psychology of crisis management 

With cyber-attacks on the rise, there will come a time for many companies to face the impact of malicious activity. In this session, Rakhee Porter, Head of Resilience at Sopra Steria, will explore the culture, behaviours and leadership qualities that will equip a team to remain on the front foot in a crisis situation.

To participate in one of these fantastic breakout sessions, please register for the full event here on Eventbrite.

News Uncategorized

Cyber Showcases at CyNam 20.3!

We are looking forward to showcasing three fantastic businesses at CyNam 20.3 for our final headline event.

These businesses are making waves in our local cyber community and beyond, and you will be able to learn more about what they do in our dedicated Cyber Showcase page (available on the broadcast site from mid October).

Joining the Cyber Showcase are:

Cybervadis – the first scalable solution to cover your whole supply chain with a third-party cybersecurity risk assessment process. Third-party vendors’ lack of cyber maturity leads to high impact breaches, financial loss, reputational damage, loss of intellectual property, and non-compliance fines. And yet today, only a small percentage of companies monitor the risk of all the vendors in their supply chain.

Synalogik — a team of OSint, data processing & automation experts from across the intelligence, law enforcement & investigation industries, united by one vision; to revolutionise the automation of targeted data collection & analysis, allowing organisations to make smarter decisions.

Gemba Advantage – make high-impact software that is secure, scalable and sustainable. Their experience and expertise allows them to succeed inside and alongside our customers’ exacting operational environments. They make software that makes a difference.

Registration for CyNam 20.3 – Staying Ahead of Cyber Criminals is available on Eventbrite

News Uncategorized

BAE Systems announced at CyNam 20.3 Silver Sponsor

BAE Systems help their customers to stay a step ahead when protecting people and national security, critical infrastructure and vital information. This is a long-term commitment involving significant investments in skills. They also work closely with local partners to support economic development through the transfer of knowledge, skills and technology.

James Muir, Threat Intelligence Research Lead, BAE Systems Applied Intelligence from BAE will be joining for CyNam 20.3 Staying Ahead of Cyber Criminals and will be providing a talk on “Ransomware’s Perfect Storm” which will be covering the following:

A ransomware attack is a major threat to organisations across the world. Many ransomware operators are now also using data theft as an extortion tactic. This talk will discuss the reasons why ransomware attack is so prevalent, and the scale of the problem. Recommendations for prevention and response will be covered, as well as potential developments we may see in future.

In order to join us for the full event, please register via our Eventbrite page here: CyNam 20.3 – Staying Ahead of Cyber Criminals

News Uncategorized

CyNam 20.3 Registration Now Open and Ripjar Named as Headline Sponsor!


Registration now open for CyNam 20.3 – Staying Ahead of Cyber Criminals

Cyber Cheltenham (CyNam) brings together the cyber community for our last event of 2020, exploring the theme of how the cyber-crime threat is being fought on technical and operational levels.

With headline speakers from Microsoft, Central Government, Ripjar and others, the evening is set to be another fast-paced, stellar event, full of content and insight. We’ll also hear the latest on local and national initiatives including a student showcase and content from exciting local cyber scale-ups.

With new improved virtual networking sessions that you can access on-demand during the break, covering technical topics to diversity and inclusion, these will provide a real opportunity to engage in discussions with other attendees.

Whether you’re a cyber professional, a student or just have an interest in cyber security – this event is for you!!

Register now for updates on the upcoming agenda and speaker announcements.

Come and join our Slack channel for this event – just email and we’ll send you an invite!

Gold sponsor: Ripjar

We are pleased to announce that the Gold Headline sponsor for this event is Ripjar.

Ripjar is a data intelligence company that transforms global institutions ability to manage strategic, evolving risks that threaten the growth and prosperity of society. Ripjar delivers software products that overcome the growing challenges of tackling criminal behaviour in the information age; combining artificial intelligence, data fusion and data visualisation to scale resources and improve the effectiveness of organisations that are tackling complex risk and security problems including money laundering, terrorism and cyber attacks.

Registration is a must for this event, so head on over to Eventbrite now to sign up. Click here.

News Uncategorized

CyNam 20. 3 Date Announced!

CyNam’s final event of the year will be held on October 22nd 2020 17:00 – 19:00 GMT

This event will also be held virtually, so you can join in from anywhere in the world!

The topic for CyNam 20.3 is Staying Ahead of Cyber Criminals.

20.3 will explore the theme of how the cyber-crime threat is being fought on technical and operational levels.

With headline speakers from Microsoft, Central Government, Ripjar and others, the evening is set to be another fast-paced, stellar event, full of content, insight and networking opportunities. We’ll also hear the latest on the local and national initiatives and Showcase content from exciting local cyber scale-ups.

Registration will be open on Thursday September 3rd – we look forward to seeing you there!

News Uncategorized

Capita – Data & Ethics in a post-Covid world.

CyNam 20.2 instigated a lot of interesting questions and conversations, one of the most pressing conversations of the moment involved the use of data and ethics.

Kevin Nicholas, Government Lead from Capita recently wrote a thought piece regarding this subject and further elaborated on the subject at our recent CyNam 20.2 virtual event on June 18th.

If you would like to read the main thought piece, Data and ethics in a post-Covid world, you can find it here on the Capita website

News Uncategorized

A rundown of CyNam 20.2!

It was an action-packed day for the CyNam team and our community as we headed to the DRPG studios in Worcester to deliver our very first, socially distanced virtual event – CyNam 20.2 – The Changing Scene of Cyber. Going virtual meant that an opportunity arose to engage with the wider community outside of Cheltenham, which was a goal from the outset.

During these uncertain times, the topic “The Changing Scene of Cyber” spurred on a remarkable set of conversations from industry thought leaders around a range of topics pertaining to the current climate and the impact it has had on cybersecurity, not only for businesses but for opportunities in our field in terms of education, public sector and innovation.

With over 800 attendees joining the event, it was clear that this topic was front of mind for you, the cyber community.

Kicking off the event was an interesting panel discussion provided by Saj Huq, Programme Director at LORCA with fellow panellists’ Dr Godfrey Gaston, Executive Director of CSIT and Co-Founder of Global Epic and Stephen Wray – Director and Cyber Lead at Deloitte UK.

Innovation was the hot topic for this panel; delving into questions regarding the cyber “innovation ecosystem”, how start-ups can respond to the key challenges for their customers and how start-ups can become value creators and scale up internationally. The discussion also covered how academia and the government can also support innovation by providing support and resources to start-ups.

Next on the line-up was Kevin Nicholas, Government Senior Partner from Capita, who shared an insightful talk regarding the zeitgeist topic of data and ethics. Drawing from examples of the Singapore state data system and its use of data in the prevention of the spread of Coronavirus, Kevin addressed the debate around data surveillance and the collection of data, and broaching key topics such as what are the ethics of NOT gathering data and should we put more trust in the government when it comes to collecting data for the greater good?

It was then time for the Cyber Showcase panel with contributions from two excellent cyber start-ups Trust Stamp and Bitweave.

The key aim behind the Cyber Showcase is to give the cyber community an insight into the great innovative work being done in the sector by up and coming businesses.

Gareth Genner, CEO of Trust Stamp outlined how they are solving the problem of when biometric data gets lost and how Trust Stamp’s solution prevents reverse engineering to get to the original biometric data. He also shared how Trust Stamp is expanding outside of the fintech space into NGOs and hospitality.

Nick Leaver, CEO of Bitweave shared how they build big data analysis platforms to aid cybersecurity operations. Bitweave have overcome customer issues with the collection of big data including challenges between the data sets, data that’s difficult to analyse and trustworthiness of the data. Nick then shared how Bitweave can help mitigate or solve these problems using cloud, machine learning and containerisation.

Nick Sturge from Cyber Central and Madeline Howard from CyberFirst then took the stage.

Nick sharing the compelling proposition of the Golden Valley Development, a utopian vision of a new Cheltenham based cyber park with the scope to be a national cyber centre of excellence.

Madeline shared the work she has been undertaking interacting and engaging with schools and colleges, specifically in line with the important topic of inclusion and diversity and how to make the cyber security industry accessible and achievable for all.

We rounded up the event with a live Q&A panel which covered a raft of topics ranging from trust by design, understanding and knowing your mission as cyber security company, and culture.

For the full event experience, the CyNam 20.2 broadcast is now available on the CyNam YouTube channel – which you can access here.

News Uncategorized

Gloucestershire College announced as CyNam academic sponsor

We are thrilled to announce that Gloucestershire College and CyNam have partnered up as academic sponsors for the forthcoming year.

This is a great opportunity for both the area and the up and coming cyber talent that Gloucestershire has to offer as it will provide students with more opportunities to enter the cyber industry.

With cyber skills currently in high demand and Gloucestershire College recently appointed as an Institute of Technology, CyNam looks forward to bringing their network, knowledge and thought leadership into the next generation of cyber talent.

To read the full press release, please visit the Gloucestershire College website here