There’s always a better way of doing things!
On leaving BAe Systems in 2016 I set up Assuriant Consulting Ltd as an independent Cyber Security consultancy.
My previous career in the Met Police Specialist Operations had already taught me that whatever you are doing there is always a better way of doing it.
This motto became even more meaningful when I started my career in Cyber Security as a CLAS consultant with Logica, now CGI. I realised pretty quickly, that as a security professional I had a duty to help my customer deliver secure systems not to stand in their way by saying NO. I found that being a blocker just meant the project found a way to bypass me, usually by getting a senior manager to sign off on risks that they really shouldn’t be accepting.
Computer security has gone through many guises over the years from Information Security to Information Assurance and now Cyber Security, the latest buzzword to describe the job I’ve been doing throughout. The basic role of a security professional hasn’t changed in the 14 years I’ve been doing the job but what has changed massively are the pressures on our role – hugely increased complexity of systems and their interaction with humans, increased urgency to deliver as cheaply as possible and the massively increased number of channels over which we expect to do business now.
Looking at Cyber Security with fresh eyes allows me to focus on the exciting possibilities presented by new technologies, whilst at the same time enabling me to get a realistic understanding of their drawbacks and security concerns.
The following developments in cyber security offer exciting prospects and I’m really keen to explore some of them in blogs on this site:
- UK Cyber Security Council & the Cyber Security Profession;
- Self-sovereign or Decentralised Identity;
- The Internet Computer Protocol;
- Serverless, containerised & canisterised computing;
- Zero trust computing; and
- The UK Digital Identity & Attributes Trust Framework.
The pages and blogs on this site document my journey through some of these topics with the intention of investigating the way they might interrelate with each other. By looking at each of these developments holistically, I hope to develop new and unexpected insights into these developments and their application in our hyper-connected world.
In my Who.Me? experiment and associated Digital Identity Blog I document my journey of exploration by looking at the subjects of managing personal data storage, Self Sovereign Identity and the wider issue of decentralised identity. As a non-techie trying to understand these concepts I’m starting with a couple of basic questions, can I:
- Create my own Personal Digital Identity that would enable me to authenticate myself across the Internet?
- Collect, manage and use my own Personal Data without having to give it up to any Tom, Dick or Harry website which I stumble across in the course of my work?
- Control and manage the use of my digital identity in real world situations?
I look forward to any thoughts and comments you might have and I really welcome an open and constructive debate on these important developments.