
The life and times of Chief Information Security Officer Graeme Marsh

Graeme Marsh, Chief Information Security Officer
17th Nov 2020

A look back on the year that never was, 2020, as CISO at Beeks.

 

I was all set to travel the world in 2020 following my decision to leave financial services back in December 2019.  A chance message and the opportunity to be Chief Information Security Officer (CISO) at Beeks changed my thinking… and I’m grateful on many levels, not least the small matter of a pandemic that would have scuppered any travel ambitions. As luck would have it, it really has been a great move for me personally, and professionally.

My role as CISO is to enhance the security function and governance as a cloud service provider as well as implement a risk framework capable of managing risk.  There was also the small matter of obtaining ISO 27001 certification.

My responsibilities have extended beyond pure cyber and information security, where opportunities to improve security by design and privacy led to me running the application software development, IT and data protection teams, enabling strong integration across our global operations.

I love the smell of a framework in the morning

Having successfully implemented the risk framework, we now actively manage all risk in a very strong manner, fully linked to protecting key assets and information.  This framework and new governance model significantly helped us achieve ISO 27001 certification in September 2020, a great achievement throughout the organisation.  Indeed, our real hardcore techies here at Beeks like nothing more than a good risk, audit or compliance review to keep them motivated!

Nice day for a stress test

In between, something strange was happening as a global pandemic rolled in and I thought, “What a wonderful way to test our business continuity plan”.

Like many businesses, Beeks made the abrupt shift to working from home and will continue to successfully operate this way until the world returns to normal. This included 24/7 Operations Centres and, whilst we never really expected to invoke this plan for a long period of time, it has worked well.  Negative impacts are definitely lack of face-to-face contact which can have a serious impact on mental health, wellbeing and motivation.  Consequently, in addition to heightened security awareness, we have provided further support to help manage our teams, during what can be an isolating and worrying time.

Whilst it might not be everyone’s cup of tea, I am an advocate for working from home and it has been great to see the use of technology to enable that. I have also noticed the heightened interest in security from colleagues, in their home lives as well as work, driven in part by increased news on phishing attempts and Zoom call hijacks. The blur of home and work life making security more prominent in colleagues’ thoughts can only be a positive. One of the key factors driving security is surely people, and making it real and relevant makes my job that little bit painless.

Security Culture

I have been working closely with the network, development and operations teams. There are some incredibly talented people here at Beeks, all with a real sense of purpose. Most of my CISO roles have involved influencing the need for security. I have not needed to do that as much here as there is already a culture that security isn’t a blocker but an enabler. That has been refreshing and enabled the speed of change to be fast. Managing security appropriately and effectively in line with risk appetite has always been my key mantra.

Executive buy-in

I will be honest enough to say that weighing up security controls against low latency, performance and functionality has its challenges. Having moved from large financial organisations I may have had a preconceived thought that security would be lower down the order than before. I was wrong. The executive support at Beeks insists that security be its number 1 priority, which was excellent news, but rather than take advantage, I have worked hard to make sure we are making conscious risk decisions for the right reasons. Rather than just throwing technology solutions at a problem, we also have worked hard on people and process improvements for security and privacy. It is going well and with new projects always on the go, our continuous improvement strategy is vital in a constantly evolving environment.

Inner Geek

A quirk of working for a cloud service provider is that it’s all hands on deck from senior execs to analysts alike. I love my “typical” day, as it could be board meetings, pre-sales, RFP responses, architecture, exec strategy, policy writing or vulnerability scanning a new customer installation network or application. The inner geek is back and I get to play with nmap, netcat, Qualys, etc. all over again.

Analyse This

I had fully expected to visit the US and Asia as part of my role, but with restrictions on travel as a result of Covid this has been put on hold. As someone who is used to travelling, I’ve found this new normal strange. I did get to visit London pre-lockdown during the integration of Velocimetrics, a network monitoring and analytics firm acquired by Beeks in April 2020. It has been exciting to build out the SaaS and analytics arm of the business; I’ve enjoyed being part of this and some of the work produced is incredible.

Sexy Security?

Some exciting work still happening, even after a year of significant change.  Beeks are embarking on further compliance, this time SOC2. We continue to improve our SIEM, Threat Intelligence, IDS, ATP, DDoS and DLP tools and processes to complement our key business offerings.  This does allow me to be a techy again and play with some rather exciting tools.

Growth (the lockdown has a lot to answer for)

Having been part of Beeks for less than a year, you would think I am still a relative newbie, but I feel like one of the stalwarts now due to our considerable growth in 2020. During a challenging year, the team has more than doubled and it has felt like new colleagues have joined on a near weekly basis as a result of our successes. It’s fantastic to see so many new faces, but certainly a bit strange meeting through a PC screen and not face to face yet. As a company we have been fortunate to have sustained continued growth in such difficult times.

On the downside, not all growth is to be celebrated… personally I have also grown, by quite a few pounds, and I am blaming lockdown entirely for that!

It has been a quick year and a strong start. I genuinely love working at Beeks and the people here and I thank all my colleagues for their help and professionalism, but also for supporting each other during a (hopefully) once in a lifetime situation. It’s manic, busy, challenging, rewarding and incredible fun. So whilst security, privacy, risk and audit aren’t the sexiest of our tools, the support I get has enabled us to achieve ISO 27001 certification and build some leading-edge security that is winning business. I really appreciate everyone involved in Beeks and already look forward to the next chapter of our journey.

 
