When you work in security, client confidentiality often means you can't talk much about your work, so last week was an interesting experience for me, and break from the usual routine. This was when the paper I recently wrote for ASPI (with support from Thales) on the challenges of effective cybersecurity for our critical national infrastructure was launched. The events included a public launch evening in ASPI's impressive new events facility at their Barton offices (including the famous drinks and canapes afterwards), and a roundtable lunch a couple of days later with key industry and government leaders. The story was picked up by ZDNet, Government News, and even made it into the rarefied pages of CommsDay. When I introduced myself to people I'd never met before, they immediately commented on my article in the ASPI strategist. You can even find me on Youtube, which I'm sure once upon a time I once swore would never happen! OK, so not exactly a media celebrity, but more publicity than MDR Security normally gets.
If you're interested in our views on the risks and recommendations to address them, you can read more about the work and our conclusions in the links above. However, here I thought I would reflect on the whole experience - what else have did I learn from this?
1. Collaboration is key to finding the right solutions for today's cybersecurity challenges. This is definitely true in the critical infrastructure sector where government and commercial organisations need to work together effectively to make any progress. (Of course, anyone who knows me knows I'm passionate on the subject of government-industry collaboration so maybe this wasn't really anything new.)
2. Finding the answers will take time. Someone joked to me they were disappointed the report didn't include the "silver bullet" solution, and the latent scientist in me certainly feels sympathy with this sentiment. However, here I think the real success is to stimulate constructive discussion and debate, and the participants in the launch events certainly did that - thank you to all of them!
3. To get everyone contributing to the discussion, you need to be able to communicate to as broad an audience as possible. In this case, that meant setting aside my engineering instincts and trying to be less technical whilst still explaining the salient issues. Not sure how I did overall, but in retrospect there was one area I probably could have done better, which brings me to the last lesson learnt....
4. When you've drafted and re-drafted your own paper so many times that you can't face it any more, do one thing - look at the title again and think about whether it's the best possible first impression you can give to your prospective audience. Maybe having the phrase "IT and OT convergence" might not have been the best way to attract the non-technical reader?
Anyway, time to move on to the next project, but I look forward to the next opportunity to do this type of work. Meanwhile, as the attention dies down I'm left with the nagging thought of what it will still take to get the MDR Security company website onto the first page of results when you Google the name, and whether my small select group of Twitter followers will ever grow to a respectable number...
....................................................................