Intelligent CIO Europe Issue 20 | Page 64

CASE STUDY C amelot has been the licensed operator of The National Lottery since its launch in 1994. The company is made up of around 750 employees. David Boda has been Group Head of Information Security for more than three years and is tasked with overseeing all aspects of information security. He says of the role: “We run our own Security Operations Centre (SOC) so it’s quite a nice environment to work in because we do most things in-house. “Because the lottery is heavily dependent on integrity, there’s a lot of buy-in from the business for what we are trying to achieve, as well as from the wider stakeholder community. “The National Lottery celebrates its 25th birthday this year and we’ve just passed the £40 billion mark of money that has gone to charities and good causes as a result of what we do. That’s also one of the reasons 64 INTELLIGENTCIO I like working here – it’s not just about being a commercial organisation, it’s about giving back.” products at some point, whether it’s a scratchcard, online IWG or a EuroMillions or Lotto ticket.” Cybersecurity challenges The day to day job At Camelot, all aspects of security are relevant but there is a strong focus on integrity. Boda makes a point of checking his emails just once a day, preferring face to face interaction with his team and the wider business stakeholders. “People need to have confidence that if they play a game, they know they’ve got a fair chance of winning,” said Boda. “We spend a lot of time trying to threat model that out and understand how we can come up with the right answers to give all of our stakeholders the assurance they need – whether it’s regulators, the public playing the games or other stakeholders. “Around 60% of UK adults currently play National Lottery games. So that’s a large proportion of the UK adult population coming into contact with one of our This, he says, is a better way of finding out what the real challenges are, instead of attempting to filter through emails. “I try to balance it to make sure I’m in the office enough but obviously there is quite a lot of external engagement with suppliers, partners and peers in the industry,” he said. Threat sharing and collaboration “I place quite a big emphasis on the value of threat intelligence sharing so we do a lot of www.intelligentcio.com