Hunted’s Ben & Danni On Cybersecurity

Rosalind Madge our consultant managing the role
Posting date: 3/21/2019 9:45 AM
Ben Owen and Danni Brooke are the Co-Directors for the EMEA Practice at Fortalice Solutions, a leading global cyber security and intelligence operations company. 

They travel globally to assist clients with their cyber security requirements, bespoke training needs, intelligence and investigations both online and physical and counter fraud training/consultation. They deliver and manage a portfolio of pro-active intelligence solutions to keep people, nations and businesses safe from threats and head up the EMEA operations. 



Ben and Danni also feature on the hit Channel 4 show, Hunted and Celebrity Hunted which has been airing for over four years with another series set to be filmed this summer. I caught up with them recently to discuss the latest Fraud, tools and challenges for the Cybersecurity industry.


Cybersecurity is an ever-changing landscape. What trends do you anticipate for the next 12 months and beyond?

It is always difficult to pin down what the next real trend is going to be in the Cybersecurity space as adversaries are becoming ever more sophisticated.  What was once a very difficult process for skilled individuals is becoming more readily available to novices with advances in software, particularly those shared on the Dark Web.

What is an inevitable threat trend in the next 12-months and beyond is the exponential rise in the Internet of Things (IoT).  With a world where everything is hooked up to the web, it is apparent that tech companies selling these devices are under immense pressure to get products to market. The need for speed could mean that some security principles and best practices may be overlooked.   As the UK encountered during the Mirai Botnet attack of 2016, a network of electronic devices acting in concert can cripple the internet or, worst case, become a weapon that could cause actual physical damage as well as cyber damage, power stations, hospital networks to name but a few.  

How have Data & Analytics impacted the detection, and prevention, of cyber-crime?

A company will have to protect themselves against an enormous amount of cyber threats every second.  A cyber-criminal will only need one successful attempt. Data & Analytics are proving successful in the fight against cyber-crime and their proactive and holistic approach is at keeping people and businesses safe.  Of course, it is Data that is being stolen, but very often Data can come to the rescue.  It helps in a number of ways, e.g. identifying anomalies in employee and contractor computer usage and patterns, detecting irregularities in networks, identifies irregularities in device behaviour (a huge advantage with the rise of the IoT).

What one must remember, however, is the people behind the Data.  You can’t simply collect Data and assume you will be able to detect and respond with the right actions.  You need the people with the right analytical skills to sift through the Data, find the right signals and then react to the threat with an appropriate and timely response.  

What tools and technologies do you think will become increasingly important in the fraud and cyber-crime landscape?

Here at Fortalice we are investing a lot of time into coverage of the Dark Web.  We live in a rapidly changing digital landscape. Criminals, fraudsters, and others are now operating with more sophistication and anonymity. Where do they go to exchange fraudulent details and ideas about current victims? What medium do they use to discuss organisational targets or new ways of defrauding companies? The answer is the Dark Web. 

Traditionally, companies fight fraud from the inside out. We want to change this landscape by accessing the entirety of the Dark Web, its pages, shady storefronts, and treasure troves of Data, and drawing on monitoring toolsets to give our clients a 360-degree resource for identifying adversarial communications and movements. It’s all about Internet coverage.  Wherever it is difficult to find – that’s where your threat will be.  

A final point to this question is one of sharing tools and techniques.  A collaborative approach is always a good way of making sure the wider audience benefits.  We always work with our clients and offer other services and support outside of our remit to make sure they’re fully protected from a cyber and physical space.  

What are the biggest security threats for businesses?

Security is fundamentally broken because the design of many security solutions does not design for the human psyche.  Security solutions are bolted on, clunky, and hard to use but because security teams prioritise defending against easier cyber threats, they often don’t focus on the hardware side.

The biggest risk to companies and individuals is always defined by the Data that is most important to you or to the business.  For individuals, this might be privacy or identity. For businesses, this could be customer Data, intellectual property, and the company’s money in the bank.

The reality is that business executives can’t outspend the (cybersecurity) issue and they must be prepared. Cybersecurity no longer exists in a vacuum and it must be elevated to the conversations held in the boardroom and with senior leadership as well as entire divisions, departments, and organisations.

For someone trying to get into security analytics, what skills do you think are key to being successful in the industry?

The detail is in the name of the role.  A huge ability to interpret large amounts of technical Data is key to the role, as well as being able to assimilate what it means and how to action it.  Risk management is also key to this role.  Very often you will identify potential risks and you will have to triage those priorities on your own as co-workers won’t have the technical expertise to assist.  You will need to be able to communicate successfully to all levels of a workforce and last but by no means least – a good sense of humour!  When you think you have gotten to understand a new threat or vulnerability a new one will replace it within seconds.  Time to put the kettle on, smile, and get back to work with your analytical prowess.  

Within fraud, it's well known that criminals are sharing their approaches, is this mirrored in cyber-security and if so, how is the industry combating this?

Criminal collaboration is huge on the web.  First of all, there is no talent shortage for fraud rings or cybercriminals. There are no requirements for fancy university degrees or certifications and the crime ring pays for performance.  They don’t care what you look like, how you dress, or if you clock in during normal work hours. They care about getting the job done - hacking into and stealing information from others. Together they are sadly stronger and more effective.  On Dark Web forums, you will see fraudsters sharing and selling their ‘IP’ knowing that others will also contribute. That way they are all winners.  In the private world ideas equal money. That is of course not a bad thing for business, but it is bad for collaboration. Businesses generally don’t like to share ideas with one another because it has taken them lots of time and expense to get to their product or solution. As cliché as this comment sounds - we have to change this landscape for the greater good. 

There are lots of smart government initiatives for national defences in cyber security and fighting high-end cyber-crime but seldom does this have a positive impact locally with smaller businesses.  There is a huge amount of information out there for individuals and advice, but we need to bridge the gap still between criminal collaboration and that of the good guys.

If you could change one thing in the industry, what would it be?

The mind set of security professionals that humans are the weakest link. We’re not! Humans are at risk because technology is by design, open.  I’d also change the mind set of those not in the Cyber Security industry.  All too often the severity of what is being reported is not taken seriously, nor are budgets set aside for cyber security issues.  That said, it is improving but there is a long way to go. 

Ben and Danni spoke to Senior Consultant, Rosalind Madge. Get in touch with Rosalind or take a look at our latest job opportunities here.

Related blog & news

With over 10 years experience working solely in the Data & Analytics sector our consultants are able to offer detailed insights into the industry.

Visit our Blogs & News portal or check out the related posts below.

It Takes Two: Data Architect Meets Data Engineer

Information. Data. The lifeblood of business. Information and data are used interchangeably, gathered, collected, and analysed to create actionable insights for informed business decisions. So, what does that mean exactly? And to that end, how do we know what information or data we need to make those decisions? Enter the Data Architect. The Role of a Data Architect Just like you might hire an architect to sketch out your dreamhouse, the Data Architect is a Data Visionary. They see the full picture and can craft the design and framework creating the blueprint for the Data Engineer, who will ultimately build the digital framework. Data Architects are the puzzle solvers who can take a jumble of puzzle pieces, in this case massive amounts of data, and put everything in order. It’s their job to figure out what’s important and what isn’t based on an organisation's business objectives. Skills for a Data Architect might include: Computer Science degree, or some variation thereof.Plenty of experience working with systems and application development.Extensive knowledge and able to deep dive into Information ManagementIf you’re just starting your Data Architect path, be prepared for years of building your experience in data design, data storage, and Data Management. The Role of a Data Engineer The Data Engineer builds the vision and brings it to life. But they don’t work in a vacuum and are integral to the Data Team working nearly in tandem with the Data Architect. These engineers are building the infrastructure – the pipelines and data lakes. Once exclusive to the software-engineering field, the data engineer’s role has evolved exponentially as data-focused software became an industry standard. Important skills for a Data Engineer might include. Strong developer skills.Understand a host of technologies such as Python, R, Hadoop, and moreCraft projects to show what you can do, not just talk about what you can do – your education isn’t much of a factor when it comes to data engineering. On the job training does it best.Social and communication skills are critical as you map initial designs, and a love of learning keeps everything humming along, even as technology libraries shift, and you have to learn something new. The Major Differences between the Data Architect and Data Engineer RolesAs intertwined as these two roles might seem, there are some crucial differences. Data Architect Crafts concept and visualises frameworkLeads the Data Science teams Data Engineer Builds and maintains the frameworkProvides supporting framework With a focus on Database Management technologies, it can seem as though Data Architect and Data Engineer are interchangeable. And at one time, Data Architects did also take on the Data Engineering role. But the knowledge each has is used differently.  Whether you’re looking to enter the field of Data Engineering, want to move up or over with your years of experience to Data Architect, or are just starting out. Harnham may have a role for you. Check out our current opportunities or get in touch with one of our expert consultants to learn more.  

Risk Analytics & Your Job Search

Risk Analysis is a daily part of our decision-making process. Its influences are felt in how we prioritise projects. Hello, project management. It determines when we take breaks. And in the working from home or remote working culture, lines between personal and professional life are soon blurred. Our decision-making ratchets through microanalyses of next steps, words to use, when to log off the computer, and what time to make lunch or dinner. Almost without realising it, we're using the SWOT matrix determine risk. That's just in our personal day-to-day lives. Organisations have been using these strategic planning techniques as a daily part of their enterprise lives. So, imagine this. You determine your strengths, weaknesses, opportunities, and threats (SWOT) to write your CV, land the interview, and get the job. Aren't you already on your way to helping your company determine their risk on a bigger scale?  Isn't Risk Analysis the Same as SWOT? Not exactly. While you are identifying, measuring, and analysing issues, the idea is to avoid or lessen risk. In the movie War Games, the main character decides he's going to play a game. But, neither the computer nor the main character understands the game is not a game. They have no idea what risk they've unleashed as keystrokes begin to lead to war.  Militaries use Risk Analysis regularly to determine if war should begin, estimated casualties and cost just for a start. But, in the end, it's usually decided peace keeps the world away from war after all the risk has been analysed. Though most businesses and individuals don't have the risk of war at their doorstep, there are extenuating circumstances which must be determined to avoid risk. This can be anything from natural disasters to legislation to physical requirements and locations. The SWOT technique is a tool within strategic planning as are Risk Analytics. Let's take a look at the benefits of Risk Analysis.  It can help your business improve security, manage costs, and plan for any surprises. Whether it helps you in your job search or manage your business once you're hired, a combination of SWOT and Risk Analytics can help your decision-making process shine. Done well, Risk Analysis is an important tool for managing costs associated with risks, as well as for aiding an organisation's decision-making process. SWOT your way to a Successful Job Search So, first, let's take a look at what SWOT is and isn't. This type of analysis is a tool most often found in strategic planning for organisations. But, it's not the only tool when assessing risk. Like any data profession, you'll want to gather, collect, and analyse the information before you. And when it comes to the job search, knowing yourself and your self-awareness levels may play a bigger part than you imagine. Skipping ahead to the interview from your 'foot in the door' CV and cover letter both delivered via video, of course, you begin to plan for your interview. "What are your biggest strengths and weaknesses?" your hiring manager asks. You've come well-prepared for this question because you've done your SWOT analysis. From the moment you decided your areas of expertise, your roles in organisations, and any areas you know you need to improve but can turn into a positive. You've pre-assessed your strengths, weaknesses, opportunities or obstacles, and threats. Strengths – What characteristics do you possess which gives you an advantage over your competition? Have you cross-trained across a variety of departments? Do you have a knack for telling a compelling data narrative story to help make leadership make an informed decision? Weaknesses – Where could you use more training? Are you looking for a business that offers it in-house or do you need a certification or class to give you a leg up over your competition? What puts you at a disadvantage and how would find a work around? What can you do to improve? Opportunities or Obstacles – Has your experience taught you a new way of doing things within the industry? Does your experience extend from working alone to strong member of a team? Was the team in-house or scattered around the world? How did it affect your working style and what did you learn from it? Threats – Threats may seem at odds with a job search, but…that was then. This is now. Threats are simply external forces which cause trouble in your planning. In other words, this is your risk assessment. What risks are involved and of those risks which will have less effect and which will have more on your desired outcome? Performing this technique in your personal and professional life helps you peel back the layers of you. What has your education prepared you for? Your work experience? The projects you've chosen or been assigned to? It's all leading somewhere, right? This is where you match your strengths to opportunities. Hello, dream job. If you're looking for your next role in the Data & Analytics, we may have a job for you. Take a look at our current opportunities or get in touch with one of our expert consultants to learn more.  

RELATED Jobs

Salary

£81000 - £150000 per annum + + Benefits

Location

London

Description

Principal Data Scientist, London United Kingdom

Salary

£65000 - £80000 per annum + Additional Benefits

Location

London

Description

Join a global telecoms company driving customer excellence through high impact data science techniques, across 20+ countries and over 400 million customers.

Salary

£500 - £600 per day

Location

London

Description

A chance to use state of the art NLP techniques on a number of projects

recently viewed jobs