Ahead of the UKsec: Cyber Security Summit, we met with Jim Newman, Head of Cybersecurity at Railsr, for a quick discussion on the state of cyber security in the UK today.

Read on below for the full interview!


Please introduce yourself and tell us a little about your background.

I’m Jim, and my background is best described as eclectic. I’m a French teacher by profession but I’ve been working in technology for a little over 20 years, with a five-year hiatus where I worked in collision investigation and road casualty reduction. By fortune, and not by design, this gave me some great insight into risk, risk tolerance and a myriad of ways in which we manage risk. I’m a pragmatist when it comes to understanding my role and how seriously the business is likely to perceive or respond to risk, so I take a realistic view of our threats and recommend controls that will give meaningful protection against our major threats.

What do you think are the biggest cyber security risks affecting the UK’s businesses today?

A lack of situational awareness in companies regarding the threats they face and how capable they are of protecting themselves. The increase in budgets and attention that cyber has been getting in a lot of businesses hasn’t led to a reduction in the number or scale of breaches but many executives have a false level of confidence in how prepared they are for an attack.

What do the next 5 years hold for your industry?

I expect to see attacks continue to grow in sophistication, scale and speed and while I expect to see security teams continue to grow in all of these areas, and tooling continue to improve, I still expect us to be playing catch up. The hot topic of a potential reversal of the EU GDPR adequacy decision regarding the UK is one that could cause security teams a lot of extra overhead and reduce their ability to drive security forward while they are focussed elsewhere.

Can you give me a taster of the main point you are going to make onstage?

Over the summer months my former employers hit some funding challenges and didn’t necessarily handle all of them as well as they might, ultimately leading to them going into administration. I’m going to talk about how the InfoSec team kept (mostly) calm, adapted to the rapidly changing threat model and remained focussed on protecting systems and data as everything collapsed around us.

What is your top advice for other cyber security professionals?

Get to know people throughout the business, find business problems where security has ‘skin in the game’ and help solve them. Build a reputation for adding value so that the security team become a go-to and trusted advisor. Focus on realistic threats to your company, be honest about how the business would currently cope in the face of those threats, talk about what you are doing to address them and explain how long it’s going to take to get to a defensible position.

What are you most interested in exploring and learning about this year, cyber security wise?

The list of ‘parked’ exploration and learning projects is already long but there are a couple of things that I’m dying to spend some time on ‘side of desk’ that would satisfy the technical side of my brain but also test our capability to defend against certain vectors of attack.


Catch Jim at UKsec: Cyber Security Summit on 22nd – 23rd November as he shares his experience in a case study: ‘Insider Threat Management: A Case Study of Effective Mitigation’! Join us for his session and enjoy live Q&As throughout the summit by registering for FREE online with code: CYBER-VIP at uk.cyberseries.io/register/.