I’ve been here nearly four years now, time flies when you’re having fun and in and around the odd stressful moment my job at AW is a lot of fun.
But why does a water company need a role like mine? Well, just think how important the provision of safe, clean water is and think how long you could cope without it in your home, office or work place? If you have a large building with no drinking water or water to flush the toilets or wash your hands it’s going to be a huge problem really quickly. Then multiply that problem by 6 million customers and you have some idea. On top of that we hold sensitive data on behalf of our customers, see huge amounts of money pass back and forth and we have a workforce of 4,500 potential targets for the bad guys to go after.
The bad guys we work to protect ourselves against include a really broad range of ‘adversaries’ from curious teenagers messing about with what they see on Youtube, a massive array of viruses and malware accidentally sent to us and fraudsters and criminals trying to steal our data or our money right up to nation state funded groups who want either our secrets or access to our systems. If you are in any doubt about how real the kind of threats we face are have a Google for Stuxnet, TalkTalk or Saudi Aramco and you’ll soon see that there are plenty of bad guys…
On a day to day basis I have a really varied job, it’s this variety that I love most, the constant uncertainty, change and un-ending challenge. It’s impossible to describe an average day but here’s some of the things I’ve got in my diary.
I will meet with other water companies and also some Government agencies to see how best to cope if something awful happens to us as it did recently to TalkTalk. We’re also working with a major university to conduct some research on how to ensure we do the best we can to help everyone understand the risks we face.
We have a busy schedule of briefing teams across the business on how to manage their IT more securely, including doing some real “man-in-the-middle” cyber attacks to make it real.
We like to keep our staff on their toes. So we will also run exercises with staff groups of around 20 people to practice our response to a cyber event and we like to create our own mock ‘phishing’ attacks to help colleagues recognise attacks and how to defeat them.
I’m also often busy with lots of technical meetings about how our security products work and what we need do to improve them.
So all in all, I think I get to do the most fun job I know of. Depending on the setting I have to be a technical expert, a business leader, a trainer, negotiator, translator, the conscience that holds people to account for the decisions they want to take and the guy that makes sure we can transform our business using some exciting technology and innovation whilst protecting our customers, staff and assets. What could be better?