I haven’t posted here for a while so shame on me, but I think this deserves one.Firstly thanks to the person (highly probable) or persons (unlikely) that nominated me for this years Security Thought Leadership listing.
Since becoming a Director of the Security Institute (SyI) in May 2017 and the Vice Chair in January this year I get out ‘there’ more. Spending time at events and of course posting on the interwebs (albeit not on this blog, doh I must try to fix that…although I do use twitter/LinkedIn loads). I guess there are pro’s and con’s to this but on this occasion it’s proven itself to be really positive!
I don’t mind saying WE have achieved a lot. Now I say WE because it’s not just down me but the entire team. In the SyI we have a large team (over 2600 to be precise) it’s not just HQ, the BoD’s but also our our members. A lot has changed in the last 18ish months and whilst I sit here typing (abroad and away from my kids on Father’s Day 😭) I’m feeling a little proud of that. I truly believe we have a professional body that represents our profession and our members very well! In fact better than it ever has in my 10 years of membership.
I mention this because its important, I wouldn’t (and haven’t previously) be on the list if not for the above. Someone said to me a couple of weeks are you Vice Chair purely to make your CV look good?! Not only is that total BS but anyone who knows me well will also know that isn’t the case, yes it’s something to consider of course but it’s not my main reason and never will be…maybe I will explain more on this another time.
The listing mentions my day job which is also very busy, demands on security teams (across whatever subject matter) continue to be high in order to support global business strategies, evolving technology, global mobility and the heightened global threats. This role helps me to remain current and to have an understanding how the SyI can better support it current and new members.
The IFSEC listing has an independent judging panel of over 30 international experts, lead by Grant Lecky So I guess they thought I deserved it also. I will enjoy it whilst it lasts, bath in the glory and pimp it out at every opportunity I get 😉 and well done to the other SyI members (a special shout out to Baroness Ruth Henig CBE and Dr Alison Wakefield) who were also on the list (even those who were higher than me in the rankings)!
Google has launched a new capability for search results and maps which shows natural disasters and ‘other’ crisis. They have partnered with various agencies including the Red Cross, Federal Emergency Management Agency (FEMA) and various others to source this information. Being someone who is involved in the Corporate Security and also managing a Travel Risk Management programme this is very interesting.
The current functionality is limited to a number of countries where Google has been able to partner with the mentioned suitable agencies. As of go live 12 countries have this functionality including the US, Australia, Canada and the Philippines. I would expect this to grow pretty quickly. This new feature builds on Googles existing safety tools including Google Person Finder and Googles Public Alerts.
The new features allow for pushed notifications to those impacted in the area and are shown via icons on Google Maps, whilst also providing relevant news stories, any local authority instructions and the relevant telephone numbers for reporting and/or information.
As they are focusing on the larger crisis incidents the information is being verified prior to posting (apparently Google has set up a bespoke team) so the speed of response and the relevancy is yet to be seen!
The alerts are currently weather and traffic related but I would also see this evolving and hopefully will include security incidents. If this is the case it could be a great ‘free’ resource for security, business continuity and crisis management professionals. WATCH THIS SPACE…
In my network are many members of the Security Institute (SyI) and as you may know I was recently voted in as a Director. My portfolio has been confirmed as ‘Membership Growth, Retention and Sustainability’. This is one of most important areas and something I feel passionate about and was the main reason why I stood to become a Director. I would be interested to hear from any serving or potential members how the SyI could improve in this particular area.
Of course my role slots into a number of other portfolios for example, Member Services, Events and Exhibitions, Validation Board…..to name a few, but my focus is growing the membership and retaining the members we have.
If you want to become more involved in the development of the SyI please contact me as your support and guidance would be very much appreciated. This could be a sounding board for ideas or more, depending on the time you can commit.
I see this as a great opportunity to make a difference in the professional body that represents our industry and any help you can give would be beneficial to you, the wider membership and the future of the SyI.
Wow the amount of information/cyber security ‘professionals’ that have suddenly come out the wood work is amazing! I’m seeing a lot of message in LinkedIn saying ‘contact us about ransomware’ or ‘are impacted by ransomware contact xxx for assistance’. I guess this gravy train will go on for a few weeks yet. In my binary head the message seems simple:
Patch your computers
Harden your defenses
Run a decent anti-virus
Ensure that you have secure backups
Raise awareness across your employees (unfortunately the weakest link seems to be us Humans??!!)
One interesting piece that I read on Twitter related to Sophos and how they have amended their website marketing relating to one of their clients…the NHS! Follow the updates below, this was originally posted by @maldr0id
Since Tuesday I have received a great deal of congratulations messages and I feel proud to be able to represent my industry peers in the future development of the institute.
Unfortunately in my first 100 hours I haven’t achieved a great deal (shame on me)…..but I’m in the process of setting up a meeting with our chair Garry Evanson to discuss my ideas and on the 16th May is my first board meeting. I have also completed the required Companies House forms to be officially listed a Director.
Also on Tuesday Rick Mounfield was appointed as the new CEO, so it’s certainly a time of change! Rick takes up his new post next week and it will be good to work with him going forward.
Once again thanks to the members who voted for me and feel free to reach out if you have any institute feedback or ideas for the future.
I have decided to stand for a Director position at the Security Institute (SyI). I am passionate about the security industry and I believe that the SyI plays a key role in not only increasing the industry profile but also the people that work within it.
I have held various voluntary roles in the institute for the last 7 years (details below).
In order to be nominated I require two serving institute members to support my application. I have been proposed by Emma Shaw FSyI CSyP (previously our very successful SyI Chair) and seconded by – Sarah Austerberry FSyI. Both of these are highly regarded security professionals in their own right and I’m grateful for their support.
I hope that SyI members I already know, follow me on social media and some others will vote for me. You can vote either in person at the AGM on the 25th April at the Hallam Conference Centre, London W1 or via a proxy vote (details are yet to be released). To attend and vote in person please book via here.
With 9 nominations it’s testament to the security industry that members clearly want to be become more involved in the development of the SyI. This is the most I have ever seen and there are only 5 available posts – so voting is very important! To read all of the candidate profiles please visit the SyI website.
Where do I feel the institute can develop and how I want to help?
My reasons for becoming a Director are genuinely for the benefit of the membership and to further develop the Institute. I have spoken with members (and also some people who are not) and their views are similar to mine.
Adding value to our membership or approach it a different way, decide what value we should be offering members and/or what do members expect
Better understand why members are leaving and improve membership retention
The post-nominal’s (ASyI, MSyI and FSyI) allow us to standout from other security organisations. The validation process should remain robust, albeit I do see opportunities for further improvement (including the application process)
Increasing the profile of the Institute and the industry
The security sector consists of professionals working in many different sectors, the SyI should not focus on one area i.e. Corporate is as important as Military or Government, and also Law Enforcement is as important as retail
Explore opportunities to work with other organisations where security professionals work i.e. Information Security and Business Continuity groups or Fraud Forums
These are big asks but I feel they are key to improving the profile of our industry and making the SyI ‘current’. In my opinion the only way to truly make a difference, is to be more involved in some of the key decisions being made.
My previous and current SyI experience:
Joined the SyI in 2008
Serving member of the SyI Validation Board since 2010 – please click here to read about this group
Previous Vice Chairman of the Validation Board 2011-2014
Previous Chairman and formed the Validation Board Working Group 2012-2014
My areas of professional interest are;
Security assurance and governance
Travel risk management
Developing innovative value ways of working
Increasing the profile of security to non-security people, for example when recruiting new roles or if a security consultant is required institute members should be the first place to look
Who am I?
I have worked in the security industry for over 20 years and I am currently a senior global corporate security manager within a FTSE100 company, having previously worked in the public and retail sectors. I have a good depth of security experience across different sectors, overseas as well as in the UK.
I am a keen ‘amateur’ blogger, having done this for about 6 six years, I also compliment it with twitter. I think its important to engage with peers and I enjoy sharing security news, views and advice (when I’m not moaning about the poor South Eastern trains service).
For further information on my professional experience please feel free to read my LinkedIn profile.
When I told a colleague I was standing for SyI Director he said…”Paul if Trump can be the US President and Boris Johnston Foreign Secretary then I’m sure you can be a Director of the Security Institute”.
We are working in a heightened threat environment with unprecedented exposure on the security sector. There is such a great opportunity to be represented by a professional body that fully supports and is working to the benefit of its membership.
Having been an institute member since 2008 and playing an active role via various voluntary positions, I have a good understanding of the institute and what it currently offers (and unfortunately what it does not). I am proud to be a member, but I believe it can offer more (much more), and as a result increase the profile of security…which would ultimately benefit us all.
Thanks for taking the time to read this, I appreciate it’s a lot of information but I feel its key in order to fully understand why and how I’m approaching this. If you would like to contact me direct, please feel free to drop me an email via email@example.com or tweet me @chatbacksy
Typical!! Just as I’m about to venture onto a 9 hr flight, with my only saving grace being the iPad’s my kids will have surgically attached to them…
The US has announced a ban on electronic devices from cabin baggage on flights from mainly Middle Eastern and North African countries. Officials said extremists were planning to bring down passenger jets with bombs. News about this begun to trickle out on 20th March but at the moment it only appears to affect some carriers flying from a dozen or so countries.
These fresh restrictions which do not have an end date affect laptops, tablets, cameras, DVD players, and game players. Large electronic devices will only be allowed on board in checked baggage. Phones are exempt from the new rules.
The impacted countries and airlines are (but expect this list to grow):
The airports affected are:
The nine airlines are:
Queen Alia International, Amman, Jordan
Cairo International Airport, Egypt
Ataturk Airport, Istanbul, Turkey
King Abdulaziz International, Jeddah, Saudi Arabia
King Khalid International, Riyadh, Saudi Arabia
Kuwait International Airport
Mohammed V International, Casablanca, Morocco
Hamad International, Doha, Qatar
Dubai International, United Arab Emirates
Abu Dhabi International, United Arab Emirates
Saudi Arabian Airlines
Royal Air Maroc
Update: The UK now plans to ban electronic devices for passengers flying to the UK from certain countries.
So for now calm has once again been restored to the Drury household phew…but I might still tell the kids they can’t just for a laugh!
Social engineering is becoming increasingly common as a means by which fraudsters gain access to companies’ and organisations’ data and systems.
Employees are tricked by fraudsters into breaching security protocols or giving away information – exploiting people as the weakest link in the information security chain.
The fraudsters’ techniques can involve physical access into buildings, email phishing and telephone calls, but a new breed of attacker is also now being seen, apparently using more psychological methods involving building trust relationships and using corporate websites, industry forums and social media sites. Attackers get to know a company and its people so well that they can use employees to compromise their own organisation.
As fraudsters continue to seek more sophisticated methods of attack, your organisation needs to ensure that its employees are made fully aware of how they can be targeted. Your staff need to understand the dangers, and be constantly vigilant.
This valuable, extremely topical one-day workshop – led by social engineering expert Jenny Radcliffe – will give you the tools to instill a culture of awareness among your employees, and help prevent your company or organisation being the victim of fraud.
The training is held Wednesday 15th March 2017 or Wednesday 7th June 2017 Central London
Members of the public are being encouraged to download a new mobile application in an effort to save lives during a terror attack. Developed by military and civilian medics, the CitizenAID app helps to guide people through basic first aid skills and potentially lifesaving treatments which can be administered to patients in the vital time before emergency services can arrive. It also provides other immediate actions to ensure your personal safety during such an attack.
The information is available through an app and pocketbook (but you will have to pay £1.99 for this!) and is designed to complement the ‘Run, Hide, Tell’ guidance given by the National Counter Terrorism Security Office in the wake of the Paris attacks.
The launch comes just days after 39 people were shot dead in an Istanbul nightclub attack, and a fortnight after 12 people were killed when a lorry ploughed in to crowds at a Berlin Christmas Market. Because clearly their aim is to help people, why charge £1.99 for the pocket book (which I suspect is the same as the app)? Surely the more ‘freely’ available this type of information is the better for everyone!? In my opinion, stacks of these should be available at large transport hubs, shopping centers, football stadiums etc etc…..I really don’t understand why they are charging!
It’s disappointing that the pocket book is not available until mid January…..why didn’t they delay the launch of the initiate?
Whilst I’m on my soap box, I also think its confusing the amount of different agencies and organisations that provide this type of advice. I think there should be one central authoritative source that the public and businesses can refer to. Maybe there is a current organisation that could provide this? Or maybe one should be set up by merging a few of the ones that clearly appear to do the same or very similar functions…