Intelligent CISO Issue 17 | Page 52

COVER STORY population coming into contact with one of our products at some point, whether it’s a scratchcard, online IWG or a EuroMillions or Lotto ticket.” The day to day job Boda makes a point of checking his emails just once a day, preferring face to face interaction with his team and the wider business stakeholders. This, he says, is a better way of finding out what the real challenges are, instead of attempting to filter through emails. “I try to balance it to make sure I’m in the office enough but obviously there is quite a lot of external engagement with suppliers, partners and peers in the industry,” he said. Threat sharing and collaboration “I place quite a big emphasis on the value of threat intelligence sharing so we do a lot of work in that space as well.” 52 Because the lottery is heavily dependent on integrity there’s a lot of buy-in from the business for what we are trying to achieve, as well as from the wider stakeholder community. “The attackers do it and from a defence point of view it makes sense,” he said. “So if you are mindful of any commercial sensitivities – there are plenty of ways to collaborate and help each other out without tripping up – then it’s really important.” Boda is Chairman of the Cybersecurity Working Group within the World Lottery Association, which is set up around the idea of threat intelligence sharing. Alongside the National Cyber Security Centre (NCSC), he’s also part of a gambling and gaming sector trust group which is also about threat sharing – something he set up with his former counterpart at William Hill. “Sometimes it’s not just about an IP address you’ve seen or a change in DDoS attacks, it could be that we’re thinking about using a new vendor and you want to have a conversation about ‘well, if you’ve used that vendor already what was your experience with them?’” The vendor–end user relationship “Sometimes I think there’s a bit of tension there, on both sides,” Boda concedes. “I think it’s a lot about making sure vendors and CISOs and end users make a conscious effort to take time to Issue 17 | www.intelligentciso.com