CASE STUDY
They are very keen to see that we invest in our
IT and cyber infrastructure, not least because
they want to future-proof our environments
to better protect our high-grade intellectual
property and staff and student personal data.
A data breach could have a huge impact on
an organisation such as ours, mainly because
we operate in a place of trust. Trust with
our research and commercial partners, with
our clients we serve, with the students and
the staff whose data we store and process.
A breach could have a severe impact on
retaining trust and competitive edge with
all our stakeholders, as well as large fines.
Investing early was the university’s way of
insuring against such strategic risk.
What has been insightful for me is that most
of my counter-terrorist and bomb disposal
work operated with the same doctrine as we
use today to counter cybercrime. The ‘kill
chain’ is a term used within cyberdefence to
explain the varying phases of attack, from
reconnaissance, deploying the payload, right
through to executing the bomb or ‘cyber
bomb’. Defenders seek to exploit
those stages of the attack through red team
simulation exercises, containing incidents
through automation and responding
through incident teams that have been well
trained to react and deliver an effect quickly.
The value of simulation exercises from an
adversary such as advanced persistent threat
groups has significantly improved our joint
team’s knowledge on TTPs and our own
vulnerability. The biggest challenge for the
university has been the balance of investment
versus return on investment. This balance
has been achieved through the careful
thought leadership, including from Cisco and
Exabeam, and the executive board are now
seeing the ROI and more importantly, the
enduring value of investment through metrics
showing far fewer incidents and occurrences.
Skills-wise, it was important that the tech
instrumentation and high-end capability was
fully in tune with our cyber forensic analysts.
Another core challenge was to make sure we
invested appropriately in tech, process and
people. The people part has always been the
best part for me. Coaching and mentoring
the teams to operate to a new doctrine,
with new technical functionality to achieve
an effect. The challenge, which is ongoing,
is in developing the analysts and our cyber
apprentice through continuous formalised
training and visiting other CSOCs. We’ve
also been very grateful for the support of
Exabeam in upskilling our team through
varying innovative exchanges and visits from
its teams. This is ongoing and a core part
of my intent in the coming year, to further
engrain the strategic partnership.

to predict, detect, mitigate and contain
attacks. We now have an approach within
the analysts and with our instrumentation,
to operate in the space of the ‘kill chain’, to
get ahead of the adversary through effects-based
thinking. Predicting where nation state
and organised crime attackers will seek to
attack us, knowing our true vulnerability to

From a personal perspective, I have been
monitoring nation state cyber actors for
some time and often inject some of their
tactics into my novels. The nexus between
the nation state and proxies, plus organised
crime has most certainly broadened of
late. In Russia for example, the state will
pretty much turn a blind eye to organised
cybercrime gangs so long as they do not
touch the state apparatus. And alongside
hybrid warfare tactics, the use of proxies to
conduct cyberattacks is now widely seen to
mask attributability. It’s certainly an area to
look out for, particularly as the TTPs can be
passed from one actor to another. Another
example is where some nation states allow
their cyber actors to generate income by
stealing data and selling it on the Dark Web
to self-fund their own criminal machinery.
It’s been a great journey at Brunel so far
and in a sector that I quickly realised really
needed executive board buy-in. This top
down approach is vital to cascade into
the workforce about the importance of
cybersecurity. If it begins at the top, the
behaviours and the culture change much
quicker and an enduring communications
campaign into our community was a vital
part of changing minds and improving
practice to become more mature across all
the strands of information assurance. It’s
great to see that IT practitioners, our staff
and our community now care about data
and as a result, data handling has improved.
Tips for aspiring CISOs? Well from my
experience at Brunel, there are a few. Make
friends with the executive board and relate all
your narratives to crime, without any jargon.
As a leader of people, invest heavily in your
staff and give them a clear professional
development pathway, as well as clear
objectives, doctrine and process. Conduct
regular simulation exercises – they really are
vital and bring together great programme
managers and strategic partners. The rest is
simply hard graft to navigate the many perils
along the roadmap. Finally; enjoy it. It’s been
one of my most favourite leadership positions
in a career spanning four decades.