A Day in the Life of a Cyber SQEP

Time for another instalment in our ‘Day in the Life’ series. This week we venture into the strange world of #Cyber...

Meet John Martin, SQEP’s Principal Cyber Security and Safety Consultant. A former member of both the Royal Electrical and Mechanical Engineers and Royal Air Force, John's military career saw him posted to Germany and Northern Ireland and serve two tours in Afghanistan. His post-military career has seen him deliver major infrastructure programmes in the highly regulated agricultural supply industry, and support a start-up uncrewed air system (UAS) with Cyber Security for type certification for operations in the UK, Europe and US. As you’ll discover, since joining SQEP John’s work has remained as varied as ever...

So, John, what do you like most about your job?

While most engineers try to fix stuff, my job is to analyse systems from a cyber-attacker’s perspective and assess where they could be compromised. There’s a lot of risk analysis on the way but ultimately, it’s about understanding the customer’s risk appetite and presenting cyber risk in a way which can be understood by decision makers. I love it! I strive to add value every day, whether that’s for the customer, the company or my team. The cyber landscape changes at a rapid pace and there are regular headlines keeping cyber at the forefront of people’s minds. For me, cyber in aviation (or any operational technology) is a fascinating field as it is where cyberspace meets the real world; with the worst consequences when and if there were successful cyber-attacks. This keeps the job hyper real and relevant, knowing that everything you are doing is keeping people safe.

What kind of work/projects/contracts are you involved in?

The team and I are delivering the cyber airworthiness risk analysis for a military aircraft coming into service, against the acceptable means of compliance (DO-326A and DO-356A).

In addition, I am leading the implementation of ISO27001 at SQEP, incorporating the requirements and controls to satisfy Defence Federal Acquisition Regulation Supplement (NIST 800-171A) and Defence Cyber Protection Partnership (DCPP). It’s so rewarding to be actively involved in the growth of such an amazing company.

Can you tell me what a typical day might look like?

My days are varied and (in my opinion) there is never a dull moment: I can be engaging with the cyber team discussing broader cyber compliance, or I could be analysing technical documentation, functional safety/hazard analysis, integration reports to develop aircraft security risk profiles, or writing new security policies and processes for ISO 27001. I could be fulfilling my role as a line manager/colleague, or helping business development... there is always something interesting and technically challenging to get stuck into. I love it (have I said I love my job?)

Tell me a bit about your previous career/education?

I started off as an electrical engineer in North Devon, graduating North Devon Technical college with an HNC in Electrical Engineering. Simultaneously, I was a volunteer Army Cadet Instructor and after a few years decided I wanted to don the uniform full time and in 1992, I joined the Royal Electrical and Mechanical Engineers (REME) as an electronics technician specialising in RADAR systems.

Working in Germany, UK and Northern Ireland on various weapons and surveillance systems I graduated as an Artificer RADAR in 2001. Always looking for fresh challenges and opportunities, I transferred on commission to the Royal Air Force in 2005 as a communications and electronics engineer officer and started a new career.

Serving in NATO, Brize Norton, Kirton-in-Lindsey, Scampton and Corsham I deployed to Afghanistan twice on operations, which was a melting pot of innovation, enabling technical transformation – truly excellent!

My Royal Air Force posts were all security related and largely consisted of the development and management of classified IT systems, information security, data links and air traffic services. Throughout my entire military career, I was privileged to work with some excellent teams and people, military, civil service and contractors alike.

In 2016 I left the Royal Air Force to work in the agricultural supply chain, a highly regulated industry which required rapidly getting to grips with complex regulations such as BRC, COMAH and ESTA (to name a few) where I successfully delivered several major infrastructure projects, all built to exacting regulatory compliance to time, cost and quality.

In 2021 a fresh opportunity presented itself at Animal Dynamics, a tech start-up developing a novel unpiloted air system (UAS). At AD I was delivering the cyber security aspects for type certification to enable operations in the UK, Europe and US at Animal Dynamics (AD) and worked with aircraft system design engineers to deliver the cyber security requirements for type certification for the UAS against DO-236A/DO-356A and DO-355A and more latterly, SORA and CAP722A during the concept/demonstration phases of the aircraft development, ensuring the aircraft was secure by design.

In addition, I led the implementation of ISO27001 whilst integrating the requirements of NIST 800-171A, to develop robust information security policies and processes and the cyber security education and awareness campaign to engender a deep-rooted security culture throughout the organisation.

Anything else you want to add – about SQEP/The Defence Industry/anything you think relevant?

I must mention the SQEP team. Amazing people, in a company which truly understands how to value its people. Truly a great place to work and I feel privileged to be part of such a great team.

I often marvel at what my 17-year-old self would say if I were to tell him where and what I am doing now…he’d think I was crazy (I think he might be right!)

#SQEP #ADayintheLife #Veteran #SafetyConsultant #PrincipalCyberSecurity
