We ‘go phishing’ with Martin Riley, Director of Managed Security Services, Bridewell Consulting, who tells us about life inside and outside the office.
What would you describe as your most memorable achievement in the cybersecurity industry?
For me, it’s playing a part in the growth of Bridewell’s managed security services over the last 12 months. Since January, our Security Operations Centre (SOC) has doubled in size to cater to growing demand for managed detection and response. We have gained CREST accreditation and our services have grown significantly; now anticipated to account for a third of turnover in 2021. There are few SOCs within the UK of our scale and capability, and spearheading its development and growth has been particularly rewarding.
What first made you think of a career in cybersecurity?
One of the things that really drew me to cybersecurity was that it’s such an essential part of every business and not an add or by-product as some may have historically seen it. While my current role is my first pure cyber-role, in reality cybersecurity has been ingrained in everything I’ve done throughout my career, for that very reason.
What style of management philosophy do you employ with your current position?
I opt for an open and approachable style of leadership which has really resonated with the people I manage. I’m a believer in mentoring up and down and everyone being a leader, which is a philosophy that really stood out to me when reading Turn the Ship Around! by Lt David Marquet. In it, he demonstrates how ensuring leadership at every level within a workplace can be highly beneficial to both the business and individuals. The book resonated with me so much that I shared copies with my team so that they too could help me build a culture of leadership.
What do you think is the current hot cyber security talking point?
Ransomware is the topic of the moment given its high prominence in the media and boardrooms. Every business will have had to ask the question, ‘How would we respond to a ransomware attack?’ Yet, lots still can’t answer it, which I believe must change.
Every minute a business is not operating has an impact on both revenue and reputation, so organisations need to consider how they can limit the damage of ransomware attacks through effective detection and response. As this conversation rolls on, some businesses are beginning to take out cyber insurance so they can pay the ransom if needed. However, this could be a double-edged sword, after all, if you pay the ransom once, you’ll likely become a target again.
How do you deal with stress and unwind outside the office?
I’m a family man and like nothing more than spending time outdoors with my wife, two sons and our dogs to unwind at the weekend. On a Saturday morning, you’re most likely to find me officiating matches for my eldest’s football team. I’m also a keen cyclist so like to head out on long bike rides with the kids.
If you could go back and change one career decision, what would it be?
My philosophy is that you’ve got to live your life with no regrets. If I changed anything in my past I wouldn’t be where I am today – doing well and really enjoying my job at one of the fastest growing UK cybersecurity service companies. Of course, that’s not to say I haven’t made some poor decisions along the way, but ultimately, I’m here today because of them and I continue to learn from those experiences.
What do you currently identify as the major areas of investment in the cybersecurity industry?
A lot of investment is being driven by Digital Transformation strategies which, while undoubtedly beneficial, create a broader attack surface. At the same time, the correlation between prevention, detection and response is being more widely recognised, resulting in increased investment in Managed Detection and Response (MDR) services and the associated technology which combines human analysis, AI and automation to rapidly detect, analyse, investigate and actively respond to threats.
I think part of the reason we’re seeing such growth in this area is the acknowledgement that the right solution will not only strengthen cyber-resilience, but it can also help to consolidate security tools and increase the RoI of security operations.
Are there any differences in the way cybersecurity challenges need to be tackled in the different regions?
It largely comes down to regulations, as these differ from region to region. For example, EMEA has a lot less regulations than North America, which has much more standards for cybersecurity such as the NIST Cybersecurity Framework. In other parts of the world, differences are more likely to be driven by the country’s economic status and activities.
The challenges in an emerging market and third world country are also very different to that of the first world countries. For example, many Ransomware-as-a-Service groups won’t target specific geographic regions, so it’s less of a concern in those countries.
What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months?
Education has been a major focus for us over for the last six months and I expect this to continue for the next year. The market is extremely crowded and it’s hard for organisations to determine what cybersecurity solutions they need to meet their business objectives. It’s recognised that there’s no one-size-fits-all approach to cybersecurity, so we’re working with more and more companies to perform cyber assessments and make tailored recommendations.
At the same time, MDR is still in its infancy, which means it’s open for interpretation by different vendors and organisations. Over the next year or two I expect we’ll see more standardisation of these services.
What advice would you offer somebody aspiring to obtain a C-level position in the security industry?
The one piece of advice I’d offer is to make cybersecurity a business enabler as this is what will differentiate leaders that succeed against their rivals. This means aligning security transformation and Digital Transformation in support of the business strategy and objectives to really push the business forward.
Click below to share this article
