BRUNEL UNIVERSITY LONDON
STEERING A NEW
CYBER PATH AND
INVESTING EARLY
Mick Jenkins MBE, Chief Information Security
Officer at Brunel University, had a core vision
to build a unified cybersecurity platform. He
explains his cybersecurity strategy.
efore I joined
B
Brunel University
as Chief
Information
Security Officer,
I worked in
counter-terrorism
as an Intelligence Officer and Bomb
Disposal Officer. The journey from the
world of intelligence to cybersecurity
was a natural one for me, for many
reasons. Nowadays, you could say that
a lot of my role as a CISO focuses on
counter-intelligence and that’s how my
team operate within a Cybersecurity
Operations Centre (CSOC) designed
specifically for that purpose.
One of my roles in defence
intelligence was what was known
as Intelligence Preparation of the
Battlefield (IPB). Nowadays, I’m more
interested in what other adversaries are
doing in the intelligence preparation
of cyberspace. This is where the
adversary is plumbing into networks
and digital environments, persistently
gathering intelligence, waiting for the
point in time when they can trigger a
specific action to achieve an effect,
conduct an exfiltration or worse, a
complete denial of service through
ransomware or similar. So, we have to
be familiar with their tactics, techniques
and procedures (TTPs) and of course
build capability to counter that.
My core role as CISO has always
been to deliver the five-year strategy
I designed and one that was formally
approved by the Executive Board
in 2017, so we’re just over halfway
through now. My daily tasks all relate
in some way or the other to the
delivery of that strategy. For example,
at this moment in time, I’m focusing
on the capability development plan for
establishing safe data havens for our
research and sensitive data through a
sequencing of functionality to achieve
Zero Trust environments. This capability
development programme and cyber and
information security strategy is very
important to the university, very much
Mick Jenkins MBE, Chief Information
Security Officer at Brunel University
because they rightly see cybersecurity
as one of their top five strategic threats.
To help me with delivering the strategy
and building complex capability, I
chose to recruit only a small number of
strategic partners. Embarking on such
an ambitious programme simply could
not be done alone and one of my core
visions was to build what I call a unified
cybersecurity platform. Cisco provided
the instrumentation, Exabeam delivered
the next-generation SIEM and Khipu acts
as our expansion of the analytical team to
develop playbooks, conduct penetration
testing and deliver other InfoSec services.
I like to call them all my ‘critical friends’
as they’ve been superb at taking my
intent and shaping it into a technical
solution and roadmap that is technically
unique within our education sector.
62 Issue 27 | www.intelligentciso.com