Deryck Mitchelson is a “well kent” face in Scottish cybersecurity. As the former digital director of NHS National Services Scotland he oversaw many of the tech platforms spun up in response to Covid-19, helping to deliver the Protect Scotland, Check-In and the Covid passport apps. 

In addition, he oversaw the largest Microsoft 365 rollout anywhere in the Scottish public sector – issuing 200,000 user licences. Whenever we spoke during that time, his headset and ubiquitous desktop screens gave him the air of an air traffic controller. He had a lot on his radar.

Recently, he has taken up a new role as chief information security officer and C-Suite adviser with global cybersecurity company, Check Point. 

Although in the private sector, Mitchelson is still intimately involved in national government policy.

In September he joined the Scottish Government’s National Cyber Resilience Advisory Board and will continue to press the case that cybersecurity needs to be far higher up the list of ministerial priorities.

With the Russian invasion of Ukraine in February, and the recent allegations of state-sponsored Iranian cyber strikes on Albania, there is a general feeling of unease among cyber experts that “spillover” could impact significantly on the operations of public services or critical national infrastructure.

“We need to get ahead of the curve and start to think about real policies and processes to make an actionable difference to the way we protect ourselves online,” says Mitchelson, whose role at Check Point covers the UK and Ireland, as well as Europe, the Middle East and Africa. 

Not doing so would potentially cause significant national upheaval. In Ireland the damage to the Health Service Executive from a ransomware incident last year – which caused all nationwide IT systems to be shut down – is still being felt.

“We need to learn from what happened there and apply it quickly. There is a potential tsunami of cyber warfare coming if we don’t,” he says, describing how cyber incidents have risen five-fold in recent years.

Check Point, with its roots in the famous cyber ops Unit 8200 of the Israeli military, unsurprisingly is a company many organisations turn to for cyber advice and protection. 

With an impressive suite of products to match even the most advanced and sophisticated threat actors, the company’s powerful artificial intelligence (AI) tools rely on millions of sensors to pick up the “signals intelligence” from one line of malicious code that could jeopardise an organisation’s security. 

But it’s more than this “lightspeed” reaction capability, Mitchelson says, that makes Check Point such a robust partner for the public sector as threats evolve.

“It’s a balance between speed and innovation, and making things secure,” he adds. That and Check Point’s willingness to work collaboratively with the public sector.

“This is undoubtedly about collaboration, and we’re focused very much on working with organisations to maintain and enhance their security posture.”

He added: “And that applies, too, across the supply chain so we can try and identify where the threats are coming from. Very rarely when I was at the NHS did the breach come from something internally; it was always a provider of software where somewhere there was a dormant account that was still open, or they had a supplier who was providing DNS services or cloud-based services where somewhere down that chain, it fell apart.”

I’m reminded again of Mitchelson’s penchant for screens and his stewardship of a myriad of applications that saw the country through Covid. Under the most trying of circumstances, he maintained NHS digital services through a pandemic that most definitely did not fall apart. 


Partner Content in association with Check Point

Deryck Mitchelson will be delivering the masterclass ‘Cyber acronyms are no defense from Ransomware. Let’s talk strategy’ at #DigitalScotland2022