Valerie Wilson believes in the power of partnerships as an effective means of keeping public sector bodies safe from cyber harms.
As Service Operations Director for BT’s multi-million-pound Security Operations Centre (SOC) in Belfast, she draws on real-life examples of improving organisational resilience.
At a recent meeting, she sat with a local authority customer who had been victim of a cyberattack several years ago and hadn’t been insurable since.
However, after two years of partnering with BT’s state-of-the-art SOC and Security Information Event Management (SIEM) solution, that was no longer the case.
“During that time, since we have been able to demonstrate zero breaches, the collaboration, and the reporting that we do to keep that council safe, they are now insurable again,” says Wilson, an Iraq War veteran.
She adds: “And they are the only council in that borough who are now insurable again, and I think for me that’s what our job is about. It’s about being able to protect our customers by working in partnership with them, by creating a SOC that has the right perspectives that we’ve learnt through the right levels of professionalisation, the right people, the right position, and the right partnerships.”
When she talks of ‘position’, it’s not just the company strategy she is referencing. The physical location of the SOC, and its requirements is paramount. Wilson is unwilling to go into the specifics – for obvious reasons – but there are certain mitigations in place to prevent any intrusion. In an echo, no doubt, of her military career, the walls are also armoured, likewise the cables, and there are numerous other security features.
“It’s very much a secure environment,’ she says. “Building a SOC is not cheap.”
Wilson has responsibility for around 1,500 staff globally, looking after 5,000 customers in 10 different countries, focusing on providing managed IT services. She says Belfast is ideally situated for cybersecurity with strong links between industry and the globally-renowned Centre for Secure Information Technologies (CSIT) at the city’s Queen’s University. The UK Government recently invested £18.9 million, including £11 million through the New Deal for Northern Ireland, to develop a pipeline of cybersecurity professionals in NI as well helping businesses and startups develop new opportunities.
Part of the investment will see the creation of a new Cyber-AI Hub at CSIT, creating jobs and supporting the research and development of AI-enabled cyber security projects.
“In terms of the Belfast factor, we actually punch way above our weight in the cybersecurity industry,” adds Wilson, who spoke of the need for professionalisation within the sector.
“In terms of the people, you cannot run a SOC without really good people – you can have a fancy building all day long and at the highest security level you want, but if you don’t have the right people and the right professionalisation in it, it is no good to anybody.”
To that end, BT is focusing on certification and assurance. It runs a successful apprenticeship scheme for budding cyber professionals, which enables them to rotate every eight months for a three-year period, in order to maximise their experience of working in the SOC, on the network service desk, in change management or wider managed services. The industry certifications include Certified Soc Analyst (CSA), the International Standard for Information Security (ISC2) and CISM, to name a few.
“From a career development point of view, and the ambition of people, cyber is definitely the place that people want to be, and we find a steady stream of people who are going through and wanting to stay as part of the SOC,” adds Wilson. “Our staff engagement is about 88% and our attrition rate is less than 5% because what we tend to find whenever people come is that they want to stay and have that continual improvement and certification that any techie out there would want to have.”
In Scotland, cybersecurity has become a topic of increasing interest for policy leaders. Wilson spoke recently at Futurescot’s Cyber Security 2024 event, part of Cyber Scotland Week, alongside colleagues from the Northern Ireland Cyber Security Centre and the Northern Ireland Civil Service. She talked of the benefit of having the SOC in Belfast on the doorstep for many customers.
“The threats are becoming very, very vivid and there’s very much a need for something local in Northern Ireland,” she said. “And the ‘ask’ had to be local, which I think is a fantastic way to work with our customers.”