-optimized.jpg){kind=avatar}
After three days in London, Mark Rowe starts to digest what he learned before setting to work on the January edition of Professional Security Magazine.
To start with the last experience first; at the one-day conference by the information and IT security association ISC2 (pronounced ISC squared), the talk by Matt Rowe, the Chief Security Officer at Lloyds Banking Group (no relation). A phrase of his, โsafe velocityโ was new to me. To dredge up my A level mathematics, velocity equals distance times time. In business terms, then, โincumbentโ banks know they face competitors โ โneo banksโ that may lack the data and brand history of the big high street banks, yet have the advantage of precisely not having the legacy IT systems, and physical high street branches, and can offer whatโs new. Likewise, tech firms may look to challenge banks. The likes of Lloyds, then, have to go digital to satisfy customers โ store data in the cloud, and offer apps to customers; and at โvelocityโ, while keeping data safe. Besides that window on how security enables business, I was struck by the sheer articulatedness of Matt Rowe.
That might be a naรฏve remark; to gain a senior position in any function in any workplace, you have to be a communicator. Yet itโs hard to shake the assumption that data, info-security, cyber, whatever you call the field, is highly technical and is staffed by techie geeks. On reflection, itโs not geeks who go on stage; and cyber has plenty of work for geeks and the articulate, who are the ones to make a case to boards and others (a striking remark in an earlier panel, that I wrote long-hand rather than shorthand to better commit it to memory, was โthe best CISOs [chief information security officers] are politiciansโ. By that the panellist meant office-, not party-political; someone who knows the agenda of the other person, whether a director, team member, or HR, PR, legal or whatever other function, and can articulate his own agenda, whether direct to the board or indirectly via a chief technology officer (CTO) or chief information officer (CIO). That panel session, incidentally, chaired by ISC2โs own CISO, Jon France, was as usefully candid a discussion about how to communicate with a board as any Iโve heard.
In other words, cyber is as much about people as process and technology (as acknowledged, to audience applause, by Matt Rowe during a question and answer session, that he went through fluently). In the real world, to turn to the two-day London Build Show, people suffer from crime. The consultant Frank Cannon compered a session on theft of power tools and machinery from construction sites. Yes, such crime has risen โ driven by sanctions against Russia due to its war in Ukraine, meaning that it sources plant machinery via organised crime. The sad, frankly immoral reality spelt out by the varied speakers was that it suits some manufacturers that products are stolen and cannot be returned to owners, even if police recover them, because the items are not forensically marked and (as important) registered. Farm machinery is marked, and registered through the Cesar scheme; why cannot construction plant be? Because some manufacturers profit from victims of crime having to buy new, to replace stolen property. Worse, as Lee Wilcox of On The Tools spelt out, such theft is, to be blunt, leading to suicides; because some tradespeople have mental health difficulties and are even taking their own lives, above all because of financial worry, and in part because their tools are stolen from their vans, and without tools they canโt work and canโt earn.
Some things you canโt learn unless you are there in person. To take the European conference for customers and partners by the identity security vendor, Sailpoint. I was struck by how considerable it was. Among the speakers were two corporate end users. While not giving away anything that the commercial users said, I noted that numerous people in the hundreds attending held their phones up to take a snap of the diagram of oneโs mapping of their IT and networks that required identities monitored. Suffice to say it was a complicated map, that required a second slide to further explain (that prompted further audience snapping). Understandable; not to steal the intellectual property, but for others in the same boat to better make sense of all the storage, software and apps used by a business and supply chain, requiring security. An endearing touch was that the end user speakers each at the end asked their teams among the audience to stand up and receive applause.
Scam baiter
A similar example of how tech is really about people was at the two-day Retail Bank Transformation Europe show, by Datos Insights. The first speaker on day two was Jim Browning. Thatโs the nom de guerre of a โscam baiterโ (another new phrase), someone who โscams the scammersโ, who lets scammers ring him, and go onto his computer, so that he can carry out social engineering on them, to find out the methods of international (Georgia, Dubai and India, were among places named) organised crime. Event organisers asked attenders not to video or take pictures of Jim, to protect his identity; as was complied with. Itโs giving away nothing to say that if you have an image in your mind of what a โscam baiterโ looks and sounds like, itโs nothing like him.
Retail Bank Transformation Europe next runs on November 18 and 19, 2025; and London Build on November 19 and 20, 2025.
