CASE STUDY
Before I joined Brunel University as Chief Information Security Officer, I worked in counter-terrorism as an intelligence officer and bomb disposal officer. The journey from the world of intelligence to cybersecurity was a natural one for me, for many reasons. Nowadays, you could say that much of my role as a CISO focuses on counter-intelligence and that’s how my team operate within a cybersecurity operations centre (CSOC) designed specifically for that purpose.

One of my roles in defence intelligence was what was known as Intelligence Preparation of the Battlefield (IPB). Nowadays, I’m more interested in what other adversaries are doing in the intelligence preparation of cyberspace. This is where the adversary is plumbing into networks and digital environments, persistently gathering intelligence, waiting for the point in time when they can trigger a specific action to achieve an effect, conduct an exfiltration, or worse, a complete denial of service through ransomware or similar. So, we have to be familiar with their tactics, techniques and procedures (TTPs) and of course build capability to counter that.

My core role as CISO has always been to deliver the five-year strategy I designed, and one that was formally approved by the Executive Board in 2017, so we’re just over halfway through now. My daily tasks all relate in some way or the other to the delivery of that strategy. For example, at this moment in time, I’m focusing on the capability development plan for establishing safe data havens for our research and sensitive data, through a sequencing of functionality to achieve Zero Trust environments. This capability development programme and cyber and information security strategy is very important to the university because it rightly sees cybersecurity as one of its top five strategic threats.

To help me with delivering the strategy and building complex capability, I chose to recruit only a small number of strategic partners. Embarking on such an ambitious programme simply could not be done alone and one of my core visions was to build what I call a unified cybersecurity platform. Cisco provided the instrumentation, Exabeam delivered the next-generation SIEM and Khipu acts as our expansion of the analytical team to develop playbooks, conduct penetration testing and deliver other InfoSec services. I like to call them all my ‘critical friends’ as they’ve been superb at taking my intent and shaping it into a technical solution and roadmap that is technically unique within our education sector.

One of the great lessons I learned both in the military and in the world of cyber capability development is that you need a great team to make things happen and to make a difference. My internal team consists of a team of cyber analysts, privacy experts and matrixed IT architects and programme managers. It became clear early on that the programme manager was a vital aspect of that work and that’s where Expede, as the fourth partner, helped to navigate the sequencing, tasking into IT teams and acting as the glue between me and my partners.

The pace was slow initially, but we now have a battle rhythm in place that is providing core intelligence, automated defensive measures and threat hunting through our CSOC. The next stages of the strategy are to implement data loss prevention and cloud monitoring as we move on towards creating Zero Trust environments.

Cisco and Exabeam have been magnificent in acting as the expansion of my team and their critical thought and positive attitude has made a difference. Teamwork has made a huge difference where I now see IT teams, privacy, cyber and programme teams all operating towards a common goal and that in itself has infiltrated our university community where security is now well embedded into everyone’s thinking.

In terms of my day job, all of this has allowed me to provide accurate threat and risk metrics to the executive board on a regular basis.
64 INTELLIGENTCIO www.intelligentcio.com