Lamborghinis, roulette, fine wine and a sea view. Not the usual setting for a cyber security conference. But such was the scene for the inaugural Cyber Security Connect UK which took place in Monaco earlier this month.
Based on a model similar to Les Assises de la Sécurité, the 3-day event aimed to connect hand-picked C-level decision makers with their peers and selected organisations.
Earlier this year, Mark Walmsley, CISO at Freshfields and Chair of Cyber Security Connect UK’s Steering Committee, said that CISOs don’t just want to talk about technology at conferences anymore, they want to have a conversation about strategy. It was essential for Mark that attendees should glean value from this closed-door, confidential event which would serve as “a bit of counselling to know that we're all in the same world together and we've all got the same challenges.”
Cyber Security Connect UK was created and organised by DG Consultants in association with the networking forum SASIG (The Security Awareness Special Interest Group). Founder of SASIG, Martin Smith MBE, seems to be a magnet for attracting the bright and brilliant from across all sectors. This was reflected at the event itself: a nexus of minds from the MoD, NCSC, The Metropolitan Police, as well as CISOs and vendors. In an emotional address, he said this is about “creating the future in a new way through cooperation and relationship building.” He also called for the cyber security community to jettison the “vendor is the enemy” mentality, adding that “we must treat them with respect and build bridges with them.”
In the opening keynote, Peter Yapp, Deputy Director at NCSC, said that it’s only a matter of time until a tier one cyber attack strikes. However, the tone was not wholly negative: we are getting better at mitigating cyber crime, but more collaboration and knowledge sharing is needed, he emphasised. He also pointed to a useful range of questions that the NCSC believes will help generate constructive cyber security discussions between board members and their CISOs. It is worth a read.
Communicating with the boardroom was explored further in the panel discussion, “Reaching the boardroom with meaningful cybersecurity metrics”. One key takeaway was that there is “power in truth” and false positive assurances will not work. It’s also essential to “try to figure out the pulse of the organisation - talk the language they understand through stories that resonate with them.” Narrative is everything.
Not such a bad setting for future gazing and knowledge sharing (photo credit Jake Moore)
Closing the skills gap
I particularly enjoyed meeting some members of the SASIG Gateway - a networking group much like SASIG, but aimed at cyber professionals in the early stages of their career. With no fixed career path to becoming a CISO, the group offers a way of connecting people who are starting out in the sector with more senior security professionals who can serve as mentors and sounding boards.
Robert Coles, CISO of the NHS, said at a time when there’s more demand than supply in cyber, “it’s important to become part of the trusted community because it serves as a space where fellow security decision makers share information, protect, help and defend each other when things go wrong.” Joseph Wise, founder of the group, added, “our business is trust and you are more likely to work with people you know and can trust.” Being part of the community and part of those conversations is essential to establishing that trust.
From the lively, brassy notes of the band in Café de Paris to fascinating tales of Enigma machines, the evening entertainment did not disappoint either. Cryptography enthusiast David Cripps regaled us with the tale of how he acquired a 1941 German army Enigma machine (one of only 274 registered), as well as demonstrating how the cat and mouse games of decryption are no new thing. And of course there was the temptation of Casino Royale for those feeling lucky of hand.
Musical entertainment at Café de Paris (photo credit Jake Moore)
The human touch
The conference finished on a moving note. Paul Berriff OBE recounted his incredible story of when he was in New York on 9/11 filming with the FDNY’s Deputy Chief Fire Commissioner at the World Trade Center when both of the twin towers collapsed on top of him. Of the 22 people he was with, only 4 survived. Astonishingly, he managed to recover his tape and his iconic sequence of the south tower collapsing became the most powerful image recorded on the day.
It was a truly touching story of bravery and determination which left the room silently stunned. With news reports warning that cyber 9/11 capabilities are an impending reality, he implored the cyber community to continue all the work they are doing to prevent and mitigate cyber attacks.
Paul reminded us that powerful storytelling connects us to our own humanity. A point that encapsulated the whole event. Making security as “human” as possible is key to securing organisations because, after all, as Martin Smith explained, “it’s people who provide the oil for the engine to work.”
There is strength in working together and building bridges. Well done to Martin and his team for reminding us about what matters.