CASE STUDY
C
amelot has been the licensed
operator of The National Lottery since
its launch in 1994. The company is
made up of around 750 employees.
David Boda has been Group Head of
Information Security for more than three
years and is tasked with overseeing all
aspects of information security.
He says of the role: “We run our own Security
Operations Centre (SOC) so it’s quite a nice
environment to work in because we do most
things in-house.
“Because the lottery is heavily dependent
on integrity, there’s a lot of buy-in from the
business for what we are trying to achieve, as
well as from the wider stakeholder community.
“The National Lottery celebrates its 25th
birthday this year and we’ve just passed the
£40 billion mark of money that has gone
to charities and good causes as a result of
what we do. That’s also one of the reasons
64
INTELLIGENTCIO
I like working here – it’s not just about
being a commercial organisation, it’s about
giving back.” products at some point, whether it’s a
scratchcard, online IWG or a EuroMillions or
Lotto ticket.”
Cybersecurity challenges The day to day job
At Camelot, all aspects of security are relevant
but there is a strong focus on integrity. Boda makes a point of checking his emails
just once a day, preferring face to face
interaction with his team and the wider
business stakeholders.
“People need to have confidence that if they
play a game, they know they’ve got a fair
chance of winning,” said Boda.
“We spend a lot of time trying to threat
model that out and understand how we can
come up with the right answers to give all
of our stakeholders the assurance they need
– whether it’s regulators, the public playing
the games or other stakeholders.
“Around 60% of UK adults currently play
National Lottery games. So that’s a large
proportion of the UK adult population
coming into contact with one of our
This, he says, is a better way of finding out
what the real challenges are, instead of
attempting to filter through emails.
“I try to balance it to make sure I’m in the
office enough but obviously there is quite a
lot of external engagement with suppliers,
partners and peers in the industry,” he said.
Threat sharing and collaboration
“I place quite a big emphasis on the value of
threat intelligence sharing so we do a lot of
www.intelligentcio.com