I am enjoying my work with Dynamo North East to try and set up a cyber resilience cluster across the region. This is a topic I have covered on several occasions and one, no doubt I will come back to. I sometimes wonder how I have arrived here as I would never class myself as an expert in such matters. I am learning such a lot however and so perhaps I am increasingly becoming so.
What I am enjoying most is meeting the people involved in the industry and getting to understand the differing aspects and nuances that go to make up the cyber jigsaw. In the last few weeks I have been making contact with as many people as I can following up on our successful Think Tank back in February. The cluster needs as many people to get involved as it can, to represent the four themes it is following: Strategy; Awareness; Learning; Business.
My latest meeting was with MIke who works at one of the major IT companies in the region. He leads the Product Security Team which is separate from their corporate IT. His team sits in the product development division.
The company’s products are technical and so it makes sense to have a technical team looking at the implications of cyber security. The organisation has ninety security champions, people who are not necessarily from a cyber background but who are interested in the subject and are influential across the company. This is not a skill they buy in, they grow their own by giving them specialist training in how to spot weaknesses and opportunities for criminal intervention. It is a great way to bring different pairs of eyes (remember there are over ninety of them, people that is, not eyes) and different perspectives to the production, that those in the middle of creating a product may not see.
Yet this is an approach that would work for products outside of the pure software. A growing number of consumer products now have a technical component and this can leave themselves vulnerable to security issues. Having a product security approach, something which is embedded in the manufacturing process would go a huge way to closing some of the easier routes in for those with malicious intent.