could have a severe impact on retaining
trust and competitive edge with all our
stakeholders as well as large fines.
Investing early was the university’s way
of insuring against such strategic risk.
What has been insightful for me is that
most of my counter-terrorist and bomb
disposal work operated with the same
doctrine as we use today to counter
cybercrime. The ‘kill chain’ is a term
used within cyberdefence to explain
the varying phases of attack, from
reconnaissance, deploying the payload,
right through to executing the bomb or
‘cyber bomb’.
Defenders seek to exploit the phases
to predict, detect, mitigate and contain
attacks. We now have an approach
within the analysts and with our
instrumentation, to operate in the
space of the ‘kill chain’, to get ahead
of the adversary through effects-based
thinking. Predicting where nation state
and organised crime attackers will
seek to attack us, knowing our true
vulnerability to those stages of the attack
through red team simulation exercises,
containing incidents through automation
and responding through incident teams
that have been well trained to react and
deliver an effect quickly.
The value of simulation exercises
from an adversary, such as advanced
persistent threat groups, has significantly
improved our joint team’s knowledge on
TTPs and our own vulnerability.
The biggest challenge for the university
has been the balance of investment
versus return on investment. This
balance has been achieved through the
careful thought leadership, including
from Cisco and Exabeam, and the
executive board are now seeing the ROI
and more importantly, the enduring value
of investment through metrics showing
far fewer incidents and occurrences.
Skills-wise, it was important that the tech
instrumentation and high-end capability
was fully in tune with our cyber forensic
analysts. Another core challenge was to
make sure we invested appropriately in
tech, process and people. The people
part has always been the best part for
me. Coaching and mentoring the teams
to operate to a new doctrine with new
technical functionality to achieve an
effect. The challenge, which is ongoing,
is in developing the analysts and our
cyber apprentice through ongoing
formalised training and visiting other
CSOCs. We’ve also been very grateful
for the support of Exabeam in upskilling
our team through varying innovative
exchanges and visits from their teams.
This is ongoing and a core part of my
intent in the coming year to further
engrain the strategic partnership.
Teamwork has made a huge difference where I now see IT teams, privacy, cyber and programme teams all operating towards a common goal.
From a personal perspective, I have
been monitoring nation state cyber
actors for some time and often inject
some of their tactics into my novels.
The nexus between the nation state and
proxies, plus organised crime has most
certainly broadened of late. In Russia,
for example, the state will pretty much
turn a blind eye to organised cybercrime
gangs so long as they do not touch the
state apparatus. And alongside hybrid
warfare tactics, the use of proxies to
conduct cyberattacks is now widely seen
to mask attributability. It’s certainly an
area to look out for, particularly as the
TTPs can be passed from one actor to
another. Another example is where some
nation states allow their cyber actors to
generate income by stealing data and
selling it on the Dark Web to self-fund
their own criminal machinery.
It’s been a great journey at Brunel so
far and in a sector that I quickly realised
really needed executive board buy-in.
This top-down approach is vital to
cascade into the workforce about how
important cybersecurity was for them.
If it begins at the top, the behaviours
and the culture change much quicker
and an enduring communications
campaign into our community was
a vital part of changing minds and
improving practice to become more
mature across all the strands of
information assurance. It’s great to see
that IT practitioners, our staff and our
community now care about data. And
as a result, data handling has improved.
Tips for aspiring CISOs? Well, from my
experience at Brunel, there are a few.
Make friends with the executive board
and relate all your narratives to crime,
without any jargon. Then people get it.
As a leader of people, invest heavily
in your staff and give them a clear
professional development pathway, as
well as clear objectives, doctrine and
process. Conduct regular simulation
exercises, they really are vital and bring
together great programme managers
and strategic partners. The rest is, well,
simply hard graft to navigate the many
perils along the roadmap. Finally, enjoy
it. It’s been one of my most favourite
leadership positions in a career
spanning four decades.
www.intelligentciso.com | Issue 27