Having spent eight years serving in the British Army as a Communications Systems Engineer, deployed to warzones around the world, Phil Steadman understands the critical importance of effective cybersecurity defences.
As Head of Cybersecurity at The Software Institute (TSI), Phil is now using his years of expertise to train and upskill the next generation of cyber professionals, while working with global businesses and government departments to keep their information and systems safe.
Here he reveals more about his role at TSI, the evolving threat landscape in the digital world, and the importance of a zero-trust approach to security for organizations of all sizes:
What made you want to join TSI?
“I was working at a large systems integrator when I heard about TSI and its mission to reimagine the training and deployment of a new generation of digital talent, and it excited me. My experiences in both the armed forces and industry gave me a unique understanding of the latest cyber threats and countermeasures to overcome them, as well as the complex security needs of major organizations in both the public and private sector. I felt this expertise would add huge value to the experienced senior team TSI was building. Given how quickly the company has grown this year, I wanted to play my part in building a zero-trust culture from the outset.”
Why is a zero-trust culture so important?
“Cyber-crime costs the UK economy alone an estimated £27 billion a year so building effective cyber-security systems and processes is critical to every business. A zero-trust approach is one predicated on the fact that most organizations will be targeted at some stage in their lifetime; it is not a case of if but when. Organisations must be alert to the wide range of threats that exist. By instilling a zero-trust culture in its employees, it builds a sense of healthy suspicion and prevents them falling victim to things like phishing emails and impersonation tactics – keeping critical data and infrastructure protected.”
As the Head of Cybersecurity at TSI, what does your role entail?
“It is hugely important that TSI has a solid foundation internally when it comes to security best practice. I am leading the process of aligning our cybersecurity policies and gaining ISO accreditation, which we expect in early 2023. From there, we will continue to build out our cyber division so that we have even greater capability to meet the needs of our customers.
A key part of my role – and an aspect I really enjoy – is education. As someone who has attained both a degree in Communication Systems Engineering and a master's degree in Computer Security, I understand the pros and cons of traditional teaching methods. With the talent at TSI, I found that regular bitesize bits of information are a much more effective and engaging way to help people retain important information. I have now created a weekly newsletter that goes out to everyone in the company highlighting the latest trends, technologies, and news in the world of cybersecurity. It is kickstarting some fascinating conversations amongst the team and helping keep security front and centre in people’s minds.”
How is the threat horizon changing and what can businesses do to protect themselves?
“Critical vulnerabilities are constantly being uncovered, leaving organizations exposed. That said, the most common ways organizations fall foul of a cyber-attack tend to fall into one of three areas: poor coding, phishing or impersonation emails, and human error.
To safeguard data and limit the risk of human error, organisations should adopt role-based access (RBAC) policies to ensure that access to computer systems is restricted to authorised users only. On top of that, using Dynamic Secrets empowers companies to create automated short-lived dynamic credentials across data environments. Users are then granted unique time-based credentials and access can be revoked when this expires.
On the software side, applying the core principles of DevSecOps – whereby security is built and tested at every phase of the software development lifecycle – is something our teams at TSI do with every client. It not only enables development of secure software at the speed of Agile and DevOps but leads to greater collaboration between teams, quicker decisions related to security operations, and ensures everyone is accountable for security from the outset.”
How can the UK raise awareness of digital threats and train more cyber-security professionals?
“The National Cyber Security Centre is doing some fantastic work to protect critical infrastructure and raise awareness of the dangers and threats that exist. There is an undeniable skills shortage across the industry, so the more we can do to encourage people to seek out careers in technology and cybersecurity, the better off we all will be. But the onus should not always be on government. Businesses have a responsibility to educate, develop, and invest in the right people to implement best practice when it comes to cybersecurity.
Here at TSI we are taking up that mantle and educating a new generation of digital talent through our bootcamps and training academies, delivering highly skilled security experts into the workplace who live and breathe a zero-trust mindset.”
And lastly, what advice would you give people looking to develop their cybersecurity skills?
“Strive to be a great learner and then grow to become a great leader. The industry needs people from all backgrounds to help it thrive, so if you want to kickstart your career in technology, get in touch with one of the team at TSI today or speak to one of our graduates and find out how we can help you realise that dream.”