Hunted’s Ben & Danni On Cybersecurity

our consultant managing the role
Posting date: 3/21/2019 9:45 AM
Ben Owen and Danni Brooke are the Co-Directors for the EMEA Practice at Fortalice Solutions, a leading global cyber security and intelligence operations company. 

They travel globally to assist clients with their cyber security requirements, bespoke training needs, intelligence and investigations both online and physical and counter fraud training/consultation. They deliver and manage a portfolio of pro-active intelligence solutions to keep people, nations and businesses safe from threats and head up the EMEA operations. 



Ben and Danni also feature on the hit Channel 4 show, Hunted and Celebrity Hunted which has been airing for over four years with another series set to be filmed this summer. I caught up with them recently to discuss the latest Fraud, tools and challenges for the Cybersecurity industry.


Cybersecurity is an ever-changing landscape. What trends do you anticipate for the next 12 months and beyond?

It is always difficult to pin down what the next real trend is going to be in the Cybersecurity space as adversaries are becoming ever more sophisticated.  What was once a very difficult process for skilled individuals is becoming more readily available to novices with advances in software, particularly those shared on the Dark Web.

What is an inevitable threat trend in the next 12-months and beyond is the exponential rise in the Internet of Things (IoT).  With a world where everything is hooked up to the web, it is apparent that tech companies selling these devices are under immense pressure to get products to market. The need for speed could mean that some security principles and best practices may be overlooked.   As the UK encountered during the Mirai Botnet attack of 2016, a network of electronic devices acting in concert can cripple the internet or, worst case, become a weapon that could cause actual physical damage as well as cyber damage, power stations, hospital networks to name but a few.  

How have Data & Analytics impacted the detection, and prevention, of cyber-crime?

A company will have to protect themselves against an enormous amount of cyber threats every second.  A cyber-criminal will only need one successful attempt. Data & Analytics are proving successful in the fight against cyber-crime and their proactive and holistic approach is at keeping people and businesses safe.  Of course, it is Data that is being stolen, but very often Data can come to the rescue.  It helps in a number of ways, e.g. identifying anomalies in employee and contractor computer usage and patterns, detecting irregularities in networks, identifies irregularities in device behaviour (a huge advantage with the rise of the IoT).

What one must remember, however, is the people behind the Data.  You can’t simply collect Data and assume you will be able to detect and respond with the right actions.  You need the people with the right analytical skills to sift through the Data, find the right signals and then react to the threat with an appropriate and timely response.  

What tools and technologies do you think will become increasingly important in the fraud and cyber-crime landscape?

Here at Fortalice we are investing a lot of time into coverage of the Dark Web.  We live in a rapidly changing digital landscape. Criminals, fraudsters, and others are now operating with more sophistication and anonymity. Where do they go to exchange fraudulent details and ideas about current victims? What medium do they use to discuss organisational targets or new ways of defrauding companies? The answer is the Dark Web. 

Traditionally, companies fight fraud from the inside out. We want to change this landscape by accessing the entirety of the Dark Web, its pages, shady storefronts, and treasure troves of Data, and drawing on monitoring toolsets to give our clients a 360-degree resource for identifying adversarial communications and movements. It’s all about Internet coverage.  Wherever it is difficult to find – that’s where your threat will be.  

A final point to this question is one of sharing tools and techniques.  A collaborative approach is always a good way of making sure the wider audience benefits.  We always work with our clients and offer other services and support outside of our remit to make sure they’re fully protected from a cyber and physical space.  

What are the biggest security threats for businesses?

Security is fundamentally broken because the design of many security solutions does not design for the human psyche.  Security solutions are bolted on, clunky, and hard to use but because security teams prioritise defending against easier cyber threats, they often don’t focus on the hardware side.

The biggest risk to companies and individuals is always defined by the Data that is most important to you or to the business.  For individuals, this might be privacy or identity. For businesses, this could be customer Data, intellectual property, and the company’s money in the bank.

The reality is that business executives can’t outspend the (cybersecurity) issue and they must be prepared. Cybersecurity no longer exists in a vacuum and it must be elevated to the conversations held in the boardroom and with senior leadership as well as entire divisions, departments, and organisations.

For someone trying to get into security analytics, what skills do you think are key to being successful in the industry?

The detail is in the name of the role.  A huge ability to interpret large amounts of technical Data is key to the role, as well as being able to assimilate what it means and how to action it.  Risk management is also key to this role.  Very often you will identify potential risks and you will have to triage those priorities on your own as co-workers won’t have the technical expertise to assist.  You will need to be able to communicate successfully to all levels of a workforce and last but by no means least – a good sense of humour!  When you think you have gotten to understand a new threat or vulnerability a new one will replace it within seconds.  Time to put the kettle on, smile, and get back to work with your analytical prowess.  

Within fraud, it's well known that criminals are sharing their approaches, is this mirrored in cyber-security and if so, how is the industry combating this?

Criminal collaboration is huge on the web.  First of all, there is no talent shortage for fraud rings or cybercriminals. There are no requirements for fancy university degrees or certifications and the crime ring pays for performance.  They don’t care what you look like, how you dress, or if you clock in during normal work hours. They care about getting the job done - hacking into and stealing information from others. Together they are sadly stronger and more effective.  On Dark Web forums, you will see fraudsters sharing and selling their ‘IP’ knowing that others will also contribute. That way they are all winners.  In the private world ideas equal money. That is of course not a bad thing for business, but it is bad for collaboration. Businesses generally don’t like to share ideas with one another because it has taken them lots of time and expense to get to their product or solution. As cliché as this comment sounds - we have to change this landscape for the greater good. 

There are lots of smart government initiatives for national defences in cyber security and fighting high-end cyber-crime but seldom does this have a positive impact locally with smaller businesses.  There is a huge amount of information out there for individuals and advice, but we need to bridge the gap still between criminal collaboration and that of the good guys.

If you could change one thing in the industry, what would it be?

The mind set of security professionals that humans are the weakest link. We’re not! Humans are at risk because technology is by design, open.  I’d also change the mind set of those not in the Cyber Security industry.  All too often the severity of what is being reported is not taken seriously, nor are budgets set aside for cyber security issues.  That said, it is improving but there is a long way to go. 

Ben and Danni spoke to Senior Consultant, Rosalind Madge. Get in touch with Rosalind or take a look at our latest job opportunities here.

Related blog & news

With over 10 years experience working solely in the Data & Analytics sector our consultants are able to offer detailed insights into the industry.

Visit our Blogs & News portal or check out the related posts below.

A Q&A With Dyson’s Data Governance CDO

Mridul Mathur is a skilled Senior Program Director with more than 15 years of experience working in businesses from Deutschebak to Dyson. He has a proven track record of successfully delivering large and complex cross-functional programs and building high performing teams from scratch. In last five years the main focus of his work has been in the area of Data Management to address the issues and challenges organisations have faced in the wake of various new regulations. Data Management and Data Governance are hot topics at the moment. Do you feel that attitudes have changed towards the fields since the beginning of your career? It’s been a very big shift. Going back to my involvement at Deutsche Bank around 2007, we were managing Data purely because we needed to create a Credit Risk position so that we could explain to the Bank of England and other regulators what we were doing. We didn’t really look beyond that.  But now, if you look at the industry, we want to use Data to not only calculate our Risk position but to derive value out of that Data.  It's something that can give a company a competitive advantage  one of those things that can significantly change a business. I personally feel that the turning point, not just for Deutsche Bank but for everybody was the market crash that happened in 2008.  A lot of the company did not have Data Management skills, or the ability to bring the Data together to understand exposures. Those who had exposure against Lehman, for example, could not recover any of the money they lost. That was the big turning point for all of them, when they actually lost hundreds of millions of dollars’ worth of revenue and loans overnight. They didn’t have the right Data, in the right place, and it cost them. What major issues do you see successful Data Governance facing over the next 12 months? I think we're still going through a phase of understanding and internalizing the issue. By that I mean that we understand that our Data is important and how it can help us not only manage Risk but create value. But, when it comes to actually applying it, we are hamstrung by two things:  One is that we haven't quite grasped the ways in which we can internalise that Data. We understand the value but the actual application is not really out there currently. Secondly, I think that in some places, we have too much activity. I've been in places where there have been competing Data agendas and competing Data Governance ideas. When people are not taking their organisational view and just looking to get ahead, it’s hard to achieve any real success.  If you were advising a company about to commence on a large Data Management transformation project, what advice would you give them? This links to the previous point really, and it’s a bigger issue in large companies. You need to have a business approach to Data Governance, as well as the IP capabilities to deal with a project of that scale. And what you find sometimes is that multiple groups get together and they each have a different view of what good looks like. They end up not communicating throughout the organisation and properly aligning everybody’s roles and responsibilities. These different agendas then end up causing issues because everyone has a different idea of what they want.  We need to be able to plan across the organization to get the right agenda and get the right properties in place. Then you can start the work, as opposed to each team just working where they think the biggest problem lies first.  What would you say are the biggest threats to a successful Data Management program? Obviously the above is one, but it leads to another which is really the lack of Senior Management sponsorship. If you don’t get the right level of sponsorship, then you don’t get the mandate to do what you need. This can cause huge delays and is definitely one of the biggest threats to your program being a success.  In finance, you worked within a highly regulated industry. How have your approaches changed now that you’re in a highly innovative, tech-driven environment? The approach is different. We do have challenges that others don't, but over and above, because we innovate and create things, there is an abundance of new information. Information protection and intellectual property protection is therefore at the top of the agenda. That drives the need for effective Data Governance and it really has to be at the forefront of the approach.  Data breaches have caused widespread reputational damage to companies such as Facebook and Yahoo. Have you found that companies now view Data protection as central to their commercial performance? Absolutely. People realize that they not only need Data to do their business, but they also need to protect that Data. These breaches have resulted in a greater importance being given to this function and every year I see it moving closer to the center of the organisation. There are very few large organisations left that haven’t recognized Data Protection as one of their formal functions. A lot of companies are now looking to build out their Data Protection teams from the ground up, starting with lower levels of analysts, but also management as well. It’s becoming a much greater priority and these big breaches are one of the driving factors.  What do you feel will be the most effective technical advancement within Data Management in 2019? I think, from a technological perspective, we still have some way to go with digital rights management. There’s now one or two solutions that are supposed to be at Enterprise level, but they’re not enough and they’re still not joining the digital rights management side of things with the Big Data Loss Prevention side.  So companies are having to rely on seeing this together with a combination of plugin software and various tools and technology. It’s sticking around the edges of the edges of a fix, but it’s not actually doing the job. I'd like to see these technologies develop because I think we're crying for some help in this area.  What is the biggest risk to their Data that businesses should be aware of? Not knowing where to get hold of Data. It is just mind boggling to me, that there has not been a single company that I have been a part of where we started a program and we knew where to get all our Data from. Obviously we knew where most of it was,  but we didn’t know where else it was and that what we were looking at was a comprehensive set of maps. It just continues to be the same at every business I have worked at.   What role does data governance have to play in protecting a business’ intellectual property? It plays a huge role. Firstly, a company needs to be very clear on their Data policies. This means regularly training teams on the importance of this, much like you would with health and safety. By clearly defining and educating people on the dos and don’ts of data handling you can better protect your intellectual property. I think getting the policy framework right and implementing it using digital rights management is crucial and good Data Governance relies on this.  When hiring for your teams, which traits or skills do you look for in candidates? There are two key parts; one is technical and the other non-technical. In my mind, it’s less about the technical because, ultimately, I just want someone who knows how to use ‘technology x’. They need to be able to make use of Data from a database, or be able to spot Data in an unstructured environment. But, for me, the most important skill is more of a characteristic: tenacity. I use the word tenacity because you have to put yourself out there. You have to ask people questions and you have to educate them. You can’t assume that people just understand Data you’re presenting them and you have to become their friends and learn to speak their language. It also really brings in the skill of being able to work with teams and across teams. Being a team player would absolutely be top of my list. Mridul spoke to Femi Akintoye, a Recruitment Consultant in our Data & Technology function. Take a look at our latest roles or get in touch with Femi.

How To Attract Data Scientists To Your Business (And How Not To)

Whilst the role of Data Scientist is still considered one of the most desirable around, many businesses are finding that a shortage of strong, experienced talent is preventing them from growing their teams sufficiently. With a huge demand for such a small talent base, enterprises have begun to ask what they can do to ensure that they can secure the skillsets they need.  If you’re looking at hiring a Data Scientist, there are a few key Do’s and Don’ts that you need to bear in mind: THE DO’S Create A Clear Career Path In most companies, a career path is defined. Usually you grow from junior to senior to manager etc. However, Data Scientists often like to become experts rather than moving up the traditional career ladder into people management roles. And, once a Data Scientists becomes an expert, they want to remain an expert. To do this, they need to keep up with the latest tools and data systems and continually improve. That’s why it’s important that you put in place a clear career path that suits the Data Scientists. In addition to the possibility of leading teams on projects, businesses should provide opportunities for financial progression that reflect growing skillsets in addition to increased responsibilities.  Let Them Be Inventive One of the biggest turn-offs for Data Scientists is lack of opportunities to try new techniques and technologies. Data Scientists can get bored easily if their tasks are not challenging enough. They want to work on a company’s most important and challenging functions and feel as though they are making an impact. If they are asked to spend their time on performing the same tasks all the time, they often feel under-utilised. Providing forward-looking projects, with innovative technologies, gives Data Scientists the opportunity to reinvent the way the company benefits from their Data. Provide Opportunities To Discover  As part of their attitude of constant improvement, Data Scientists often feel that attending conferences or meet-ups helps them become better at their role. Not only are these a chance for them to meet with their peers and exchange their Data Science knowledge, they can also discover new algorithms and methodologies that could be of benefit to your business. Businesses that allow the time and budget for their team to attend these are seen as much more attractive prospects for potential employees in a competitive market.  Give them the freedom they need Data Scientists are efficient workers who can both collaborate and work independently. Because of this, they expect their employers to trust that they will get the job done without feeling micro-managed. By offering flexible working, be it flexi-hours or working from home options, enterprises can make themselves a much more appealing place to work.  THE DON’TS Hire The Wrong Skillset As many companies begin to introduce Data teams into their business, they can often attempt to hire for the wrong job. Generally, this will be because they automatically jump to wanting to hire a Data Scientist, but actually need a different role placed first. For example; a company may be looking to hire a Machine Learning specialist, but their data pipeline hasn't even been built yet. There are many talented candidates out there who want to work with the latest technology and solve problems in complex ways. But the reality is that a lot of businesses aren’t ready for their capabilities yet. Before hiring, asses what skillsets you really need and be specific in your search.  Undervalue Their Capabilities  There are still a large number of organisations that do not value Data within their culture and Data professionals pick up on this incredibly quickly. If they feel that their work is under appreciated, and they know that there is high demand for what they do, they will not waste their time sticking around. Ask yourself how you see your Data team contributing to the company as a whole and make this clear within your organisation. Advanced Data Scientists don't want to work on dashboarding so make sure that their work will have an impact and explain how you see this happening during the interview process. Additionally, be aware of other financial implications that their hire may have. It’s likely that they’ll need a supporting Data Engineer to work with and, if they don’t have access to one, they have another reason to look elsewhere.  The Data Scientist market is a candidate-driven one and, as a result of this, businesses need to go the extra mile to ensure they get the best talent around. By offering a strong set of benefits, the opportunity to grow and progress, and an environment that values Data, enterprises can stand out amongst the crowd and attract the best Data Scientists on the market.  If you’re looking for support with your Data Science hiring process, get in touch with one of our expert consultants who will be able to advise you on the best way forward. 

RELATED Jobs

Salary

£45000 - £65000 per annum + bonus, pension, benefits

Location

Bedfordshire

Description

An opportunity as a Data Quality Manager for a leading B2C insurance brand, leading key data quality and data governance projects.

Salary

£40000 - £65000 per annum + bonus, pension, benefits

Location

Luton, Bedfordshire

Description

An opportunity as a Data Governance Analyst for a leading consumer brand, leading key data governance projects.

Salary

€70000 - €100000 per annum + BENEFITS

Location

Munich, Bayern

Description

Unser Kunde, ein modernes Beratungshaus im Bereich Big Data und Data Warehousing sucht derzeit nach einem erfahrenen Data Governance Consultant (m/f/d)!

Salary

€80000 - €120000 per annum

Location

München (80335), Bayern

Description

Haben Sie Erfahrung in der Implementierung von Frameworks und Hands-on Experience in verschiedenen Data Quality Projekten?

recently viewed jobs