Coming Home

This week I have re-qualified as a Certified Information Systems Auditor and officially moved to join the Cyber and Operation Resilience Team at Wavestone.

My career as a infantry officer came to a very early, very abrupt, and very painful end lying on my back in a puddle in Aldershot.?Once I recovered my first proper job was as an Assistant Manager for a builder’s merchant.

The first time the branch manager went on holiday I noticed some unusual transactions in the IT system, and several, very intense, hours later I had assembled evidence that a systematic fraud was being perpetrated against the business and raised the alarm.

Over the next few months I discovered that the life of a whistleblower can be extremely uncomfortable, and that I was fascinated by how the controls in the IT systems had been circumvented to enable the fraud to be undetected for so long.

As it was clear that my whistleblowing was unlikely to enhance my career I decided to return to university to learn the basics of IT.?

After learning the ropes in a?couple of IT and software sales jobs I studied for a Master’s in IT security.?My dissertation was exploring vulnerabilities in Windows 2000 and although it shows my age, many of the issues in managing the then brand new Active Directory are still relevant today.

Once I had graduated I joined on Information Risk Management team at KPMG and started working towards the CISA qualification.

I joined a Cyber Security start up, and over the next few years, worked as an interim director and advisor for several small IT and software companies advising on IT security and business development.?I found that the CISA qualification, combined with the practice and theory from my Master’s gave my clients confidence and assurance that I would be able to add value.

It seemed like an interesting challenge to join Nottingham City Council for six months to manage their transformation programme, and little did I know that I would spend the next 15 years working with senior leaders and politicians across the public sector designing, implementing and assuring major transformation programmes.??

I worked with local authorities to save millions by re-configuring their physical estate, led a team that created a new entity that employed 500 social workers, redesigned care pathways for vulnerable children, was involved in major health system re-organisations and implemented strategic commissioning approaches that transformed the way local authorities designed and procured services.?

I loved working with senior leaders to help shape and deliver public sector reform.?But I also missed technology, and in 2014 had the opportunity to do something about that when I took on the challenge of leading the consulting team supporting the Irish Health Service Executive to design and implement a national finance reform programme, underpinned by the ambition to create a national ERP system to support 400+ separate legal entities.

Since then I have designed, implemented and provided assurance on technology enabled transformation programmes across the public and private sector.?I have advised the UK Ministry of Defence on IT strategy, public sector agencies on systems procurement and information risk management, worked with Amazon and local authorities to understand how consumer technology can be safely provided as part of care packages for vulnerable people, and tackled the issues involved in balancing confidentiality and availability of electronic care records.?I have worked with the private sector to tackle technical debt, build more inclusive cultures, prepare for the possibility of negative interest rates, develop new services and implement new operating models.

When I stand back and reflect on the work I have done, and more importantly the work I want to do it is clear to me that there are two considerations for organisations undertaking major change:

1. Information security is a fundamental pillar of competitive advantage.?Information is the most valuable asset for nearly every organisation, and maintaining high availability and appropriate confidentiality is critical to the organisation’s success and survival.
2. Business Transformation is underpinned by culture and technology, and it is the combination of these factors that drive behaviour of individuals within an organisation.

Which means I have come right back to where I started my career at the builder’s merchant - understanding how systems are vulnerable, how organisations can protect their information assets, and that influencing individual behaviour is key to organisational success.

I’m hugely excited about the next stage of the journey.