Simon Hepburn Is The New Permanent CEO appointed to lead the UK Cyber Security Council

The UK Cyber Security Council – the charitable, self-regulatory body for the cyber security education and skills sector – today announced the appointment of Simon Hepburn, a charity and education executive with over twenty years’ experience in a variety of national and international organisations, as its chief executive.

Hepburn has previously been chief executive of a charity and founded two others, and has held director positions with a variety of charities, academy trusts and businesses. He was also a Trustee Board member of ACEVO (Association for Chief Executives of Voluntary Organisations) and has also sat on the BBC Charities Advisory Board.

“Simon Hepburn’s record is one of delivering at the sharp end of education and careers, for charitable organisations like the Council,” said Dr. Claudia Natanson, chair of the Board of Trustees of the UK Cyber Security Council. “The Council may well be the voice for the profession, but it is absolutely intended to be a ‘doing’ organisation rather than just a ‘talking’ organisation, so this attribute made him an excellent candidate for CEO; we welcome his passion and energy and look forward to him driving the organisation forwards.”

“I make no secret of my passion for supporting people and organisations to reach their full potential and make a positive contribution to society – it has been at the heart of my career to date. I intend to bring the full weight of that knowledge and experience to bear on the activities of the Council, benefiting the cyber security profession,” said Simon Hepburn, CEO of the UK Cyber Security Council. I’m excited by the opportunity to work with one of the most critical sectors in our country, delivering education and skills support and resources to organisations and the professionals that are essential to the safe, secure and prosperous operation of the UK economy.”

Hepburn’s other career roles include:

  • Founder of Black Star Inc., advising on diversity and inclusion, leadership and management, people and change, strategy and organisation development, careers and employability
  • UK Director at international social action charity City Year UK, leading on school partnerships, programme design and delivery, leadership programme development, mentor experience and programme impact
  • Director of Education and Policy at ed-tech company U-Explore Ltd, supporting schools, colleges, local authorities and businesses on careers and employability programme development and partnerships
  • Director of Pathways and Partnerships for Academies Enterprise Trust Careers, leading on the development of the Championing Careers Guidance Programme working in partnership with the Greater London Authority (GLA)

Simon Hepburn succeeds Don MacIntyre, who was appointed as interim CEO by the Board of Trustees in January 2021 during the Council’s formation.

(50)

Share

University of Warwick Wins Veracode’s First-Ever Hacker Games

Next Generation of Developers Establish Secure Coding Skills Through Two-Week Competition

BURLINGTON, Mass. – March 31, 2021 – Veracode, the largest global provider of application security testing (AST) solutions, announced today the winner of its first-ever Hacker Games competition, which challenged students to hack and patch real-life apps online. WMG Cyber Security Centre at the University of Warwick was crowned the winner and awarded a $10,000 charitable donation after successfully completing 1,854 challenges over the course of two weeks, while Tufts University took second place and a $5,000 donation. In addition, each individual player from the winning teams and overall top scorers won prize money.

Professor Tim Watson, Director of the WMG Cyber Security Centre at the University of Warwick, said, “The Hacker Games were a fantastic way to promote secure software development and provided our students with a highly challenging experience. The labs are tremendous resources and we will be encouraging our students to take advantage of them to further their skills and experience. We are very grateful to Veracode for creating such a wonderful environment and competition.”

Setting Future Software Developers Up for Success

By empowering the next generation of software developers to write secure code, the Veracode Hacker Games aim to help plug the cybersecurity skills gap. The two-week collegiate competition saw nearly 90 computer science and cybersecurity students from leading universities across the U.S. and U.K. complete hands-on challenges in Veracode Security Labs. Altogether, participants solved a total of 8,500 labs and accumulated nearly 100,000 points.

Chris Wysopal, Founder and Chief Technology Officer at Veracode, said: “The cybersecurity skills gap is proving costly to corporations worldwide. The Hacker Games are a way for us to demonstrate the importance of secure coding to the next generation of software developers. The passion, competitive spirit and commitment from each participating university was impressive and we’re excited to work with each of these schools to make software security a more regular part of their curriculum.”

All participating universities in the Hacker Games will be given complimentary Veracode software for a year. For more information about the universities and teams, visit www.hackergames.io.

About Veracode

Veracode is the leading independent AppSec partner for creating secure software, reducing the risk of security breach, and increasing security and development teams’ productivity. As a result, companies using Veracode can move their business, and the world, forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps companies get accurate and reliable results to focus their efforts on fixing, not just finding, potential vulnerabilities. 

Veracode serves 2,500 customers worldwide across a wide range of industries. The Veracode solution has assessed more than 25 trillion lines of code and helped companies fix more than 59 million security flaws. Learn more at www.veracode.com, on the Veracode blog, and on Twitter.

(151)

Share

UK Cyber Security Council Begins As Independent Body

The Cyber Security Alliance-led Formation Project has created an umbrella body that will grow to champion cyber security education, training and skills

LONDON – March 31st 2021 – The UK Cyber Security Council – the self-regulatory body for the cyber security education and skills sector – today announced that the Formation Project to create the Council has completed, allowing the Government-mandated Council to officially become an independent entity, fully and only accountable to its Trustees.

The Council will champion the cyber security profession across the UK, providing broad representation for the industry, accelerating awareness and promoting excellence in the profession. It will do this by delivering thought leadership, career tools and education resources to the cyber security sector and those seeking a career in the industry, alongside helping influence government, industry and academia with the aim of developing and promoting UK cyber security excellence globally and growing the skills base.

Dr Claudia Natanson, chair of the Council’s Board of Trustees, said: “The Formation Project has put down solid foundations on which the Council can build, and that is what the Council is able to, and will do, from today. The next few months will be especially busy; we are now able to hire and start work on gaining traction and momentum across and beyond the profession. We’ll also be engaging with Government to ensure the delivery of the standards and governance needed to ensure a strong cyber security profession now and in the future. The trustees assure all those involved in the Council to date of our maximum efforts to take their work forward.”

Near-term tasks for the Council include:

  • the appointment of a permanent leadership team, who will work with the Board of Trustees to establish the Council as a leader in the profession, influencing its standing and reputation within the UK and globally; and
  • the recruitment of personnel to take forward the work of the Formation Project on elements of the Council’s remit, including recognition for cyber security practitioners, professional ethics, diversity and inclusivity in the profession and thought leadership

Dr Natanson also thanked the Cyber Security Alliance and the member organisations that supported the Formation Project. “For twenty months, scores of volunteers from the 16 forward-thinking organisations of the Cyber Security Alliance have devoted countless hours to getting the Council to this date. We cannot thank them enough, because without them there would be no Council. In the teeth of a pandemic, to reach this date with the Council on schedule is remarkable,” she said.

Dr Budgie Dhanda, managing director of 3BDA and co-chair of UK Cyber Security Council Formation Project, said: “The volunteers from the members of the Cyber Security Alliance have put heart and soul into the Formation Project, and the members of the Alliance itself have supported their staff all the way. We’re all very proud of what we’re handing over today and look forward to its evolution into a fully functioning, effective Council to represent our profession through the changes ahead.”

Dr Bill Mitchell OBE, chair of the Cyber Security Alliance, “Today marks a significant milestone for the many people who are today and will be in the future handed the enormously important task of protecting the United Kingdom and its economy from cyber threats that undermine the foundations of modern society.  Handing over the Council to its trustees is the culmination of over four years of commitment to a shared vision and shared values of public benefit from 16 organisations that came together in recognition of the breadth of skills and disciplines that go into this task. Now a new profession for the UK can be officially recognised and supported. The Alliance remains fully committed to supporting the new Council and ensuring it succeeds at the pace and with the reach the UK needs as we recover from the pandemic and find our place outside the EU.”

The Council has been invited by the NCSC to participate at CYBERUK, the UK government’s flagship cyber security conference in May. It will outline some initial plans at the event.

History of the Council to date

  • In November 2016, the UK Government’s National Cyber Security Strategy 2016-2021 set out “the UK Government’s plan to make Britain secure and resilient in cyberspace”.
    It included ambitions to develop and accredit the cyber security profession by: “…reinforcing the recognised body of cyber security excellence within the industry and providing a focal point which can advise, shape and inform national policy.”
  • In December 2018, the Government’s Initial National Cyber Security Skills Strategy policy paper specifically prescribed a new, independent body: the UK Cyber Security Council.
    The policy stated that: “Our ambition is for there to be a new, independent UK Cyber Security Council that will embolden the profession to structure and develop itself in a way that meets current and future demands. The Council will be charged with the development of a framework that speaks across the different specialisms, setting out a comprehensive alignment of career pathways, including the certifications and qualifications required within certain levels. The Council will lay the structural foundations of the cyber security profession that will enable it to respond to the evolving needs of industry and the wider economy.”
  • In August 2019, the Department for Digital, Culture, Media and Sport (DCMS) appointed the Cyber Security Alliance following a competitive tender process, with the  Institution of Engineering and Technology (IET)serving as the lead organisation, to design and deliver the UK Cyber Security Council.

The Cyber Security Alliance
The Cyber Security Alliance brings together a range of established knowledge and disciplines, each of which currently has a leadership role in underpinning UK expertise in the digital environment.  With an overall aim to provide clarity around the skills, competences and career pathways within this fast-moving area of cyber security, the initial objective is to support commitments expressed within the UK National Cyber Security Strategy, including the stated intent to recognise professionals through Chartered status. Members include:

About the UK Cyber Security Council
The UK Cyber Security Council is the regulatory body, and voice, for UK cyber security education, training and skills. It drives progress towards meeting the key challenges the profession faces and develops, promotes and stewards nationally recognised standards for cyber security qualification and learning. The Council, working closely with the National Cyber Security Centre (NCSC), the UK’s national technical authority for cyber security, supports the UK Government’s National Cyber Security Strategy to make the UK the safest place to live and work online.

The establishment of the Council by the Cyber Security Alliance consortium of cyber security professional bodies was commissioned by the Department for Digital, Culture, Media and Sport (DCMS) in September 2019.

(105)

Share

British Army Digital Forensic Specialists Win Two Top International Awards

A British Army Sergeant and digital forensics expert and a forensics team from the British Army’s Royal Military Police (RMP) have proved they are the best in their field, having won two top awards the International Digital Investigation Awards 2020. The IDIA celebrates innovative action by law enforcement agencies from around the world.

The virtual ceremony hosted nominations from world renowned organisations including the Federal Bureau of Investigation (FBI) and the Metropolitan Police in categories including digital forensic techniques, collaborative investigation and digital investigator of the year, to name a few.

Use of Advanced Digital Forensic Techniques Award

Sergeant James Stubbs, of the Service Police Cyber Crime Centre (SP3C) scooped the Exceptional Use of Advanced Digital Forensic Techniques Award, beating other highly skilled specialists and team finalists from the Metropolitan Police Service Cybercrime Unit and Leicestershire Police’s Digital Media Intelligence unit.

On receiving the award, Sgt Stubbs said: “I’m delighted to have been nominated and to have won the award for what was a challenging and rewarding investigation. Details of the techniques I used have been requested by INTERPOL Cyber Crime, raising SP3C’s profile internationally.

“I am also proud of SP3C, SPCB, FIIU and FIB for receiving the award for Collaborative Investigation, both awards have provided positive exposure of the Service Police and its efforts to our international counterparts,” he said.

Sgt Stubbs was nominated for his ground-breaking work and carrying out digital forensic investigations to support a US Service Police CID investigation into a sudden death in Iraq in 2019. He was able to retrieve the data from the deceased’s very damaged fitness watch, despite the fact that there was no forensic support for this type of device at the time.

RMP digital forensic investigator at work.

This was of immense importance for the investigation, meaning that time and place of death could be established, enabling the investigators to determine whether any criminal activity had occurred.

More broadly, Sgt Stubbs’s work will also benefit the wider law enforcement community as his work has significantly enhanced understanding of how to forensically analyse such devices, so could be used in future cases to determine time of death and posthumous movements in sudden death or murder cases.

Team Collaborative Award

The RMP Specialist Operations Regiment was recognised in the Team Collaborative Award for their work alongside members of the Royal Navy Police Special Investigation Branch (RNP SIB) for their work in extracting, decoding and interpreting electronic information from a number of devices seized as part of an investigation into alleged possession of indecent images of children.

Corporal Sam Ward, Royal Military Police, and Chief Petty Officer (Master at Arms) Jason Briant, Royal Naval Police, both of Spec Ops Regiment RMP.

Spec Ops Regt continued to support the investigation when jurisdiction was passed to Northumbria Police. As a result, a former serviceman was sentenced to 14 years in jail, made subject to a sexual harm prevention order, a restraining order for life and is on the sexual offender’s register for life.

The team was shortlisted alongside Op BLEAK (a collaboration between North West Regional Organised Crime Unit, the National Cyber Crime Unit and the Australian Federal Police), and National Undercover Online.

‘Best of the best’

Brigadier Viv Buck, Provost Marshal (Army) said: “I am incredibly proud that the RMP has won two awards in the International Digital Investigation Awards 2020, particularly against such high-quality competition from other UK and international law enforcement agencies.

“This is a true reflection of the credibility, competency and excellence of the Service Police team working in digital forensics; they truly are among the best of the best.”

(123)

Share

UK Government Announces New UK Cyber Security Council

The UK Government announces new UK Cyber Security Council “to boost career opportunities and professional standards for the UK’s booming cyber security sector”.

The new UK Cyber Security Council announced today by the UK Government follows an initiative started in the 2015 UK National Cyber Security Strategy “developing the cyber security profession, including through achieving Royal Chartered status by 2020, reinforcing the recognised body of cyber security excellence within the industry and providing a focal point which can advise, shape and inform national policy”. Though the aim for the Council to achieve Royal Chartered status by 2020 has not been met, the achievement of establishing the Council is certainly a major step forward.

Following the publication of the 2015 National Strategy in early 2016 the WCIT and BCS worked to bring together a group of 17 organisations to form the Cyber Security Alliance.

The Cyber Security Alliance Members

This Alliance recognised that the establishment of the council, whilst much needed, could also be significantly disruptive if full engagement with industry professionals and academia was not carried. The Alliance set out to engage with DCMS and NCSC as discussions and public consultations were carried out. The result was the Alliance being awarded a grant and contract in August 2019 to establish the UK Cyber Security Council through its lead member the IET following an open competition process.

The significant amount of time and effort by individuals from both Alliance member and non Alliance member organisations is hard to quantify, but is significantly greater than the amount of grant funding awarded and that the council development has reached such an advanced stage within the contracted timeframe is a testament to their professionalism and commitment.

The Council is to be formally launched on the 31st March 2021

Work continues to prepare for the launch. The launch is but the end of the project to deliver the council, the real work then begins to establish the Council as a credible professional body that will represent those that work in the cyber security industry. DFM wish the new trustees charged with firmly establishing the council and moving it forward, good luck in their endeavours.

(103)

Share

Insurance Nexus by Reuters Events Releases the Connected Auto Insurance 2020 Report

The automotive sector is on the cusp of a huge wave of change, rivalled only by historic moments such as Ford Model Ts rolling off the construction line or the deep-seated impact of the 1973 oil crisis. This time, however, it is not just one technological frontier disrupting the sector, but multiple innovations that are already making their mark.

Insurance Nexus by Reuters Events have produced the Connected Auto Insurance 2020 report to make sure Auto insurance businesses; personal or commercial, can deliver on customer expectations and maximize the opportunities that available technologies like telematics, IoT, AI and analytics offer.

As well as gaining insight from over 1200 North American insurance executives, get the detail on what this means for an insurance organization from industry experts, including:

  • Shannon Lewandowski, Innovation and Digital Team – IoT, American Modern
  • Lorenzo Morganti, Big Data/AI Senior Project Lead, AXA
  • Glen Clarke, Head of Transformational Propositions, Allianz
  • Eugene Y. Wen, Vice President, Group Advanced Analytics, Manulife
  • Amrish Singh, Vice President of Product, Enterprise, Metromile
  • Allison Whittington, Head of Housing, Zurich Municipal

And many more…

Download the report now

By downloading the report readers can discover the vital strategic steps you must take in 2020 in order to keep pace with an ever-evolving Auto insurance ecosystem; validated by industry statistics based on 1200 insurance carrier executives and technology leaders.

Justify next steps for investment with 7 easy-to-decipher infographics that clearly demonstrate technology trends, carrier ambitions, investment strategies and partnerships and learn from your peers through 3 in-depth case studies focussing on ‘Open APIs Open Up Business Opportunities,’ ‘Tracking Through Tags, Pulses and Apps,’ & ‘Enabling Mobility-Based Insurance.’

You can also access exclusive viewpoints including James Spears’ take on ‘OEMs Muscling In: The Battle for FNOL’ so that your next step towards OEM collaboration is informed and profitable.

Understand the ‘state of the industry’ and where it’s heading through a wealth of articles, commentary, and debate on the impact of OEMs and how carriers will respond, new models of car ownership, autonomous vehicles and commercial fleet developments so that you remain on the cutting edge.

Have any comments? Get in touch and learn about the Auto Insurance USA conference, April 16-17, Chicago. Website viewable here: https://events.insurancenexus.com/auto/

 

(125)

Share

Cyan Forensics Announces New Chair to Lead Venture into the Next Stage of Growth

Cyan Forensics – the Edinburgh-based company aspiring and working towards a world where there is no place that harmful digital content can be easily hidden or shared – has announced that Paul Brennan is taking over as chair to guide through its next level of growth.

 

Cyan Forensics’ digital forensic analysis tools finds child sexual abuse images on devices within minutes and their product is currently being rolled out to police forces across the UK. Its products can also be applied in the field of counter terrorism and by social media and cloud companies to find and remove harmful content online.

 

Brennan offers a wealth of commercial experience helping to steer technology organisations into the international arena, with particular focus on the US and Europe. Former chair Simon Hardy will remain on the board continuing to bring with him experience from more than a decade of providing high technology solutions to law enforcement worldwide. Hugh Lennie, Cyan Forensics’ Chief Finance Officer (CFO), also joins the expanded board line up to bring his extensive experience of building, growing and exiting businesses.

 

Paul Brennan, new Chair of Cyan Forensics, comments: “I am delighted to have the opportunity to help shape Cyan Forensics’ forward momentum. Cyan Forensics’ technology has multiple applications to offer solutions that can make a real difference to protect people from online harms. The company has seen much success in its first three years’ of business and I look forward to supporting their expansion following a recent contract with the UK Home Office and into new markets in Northern Europe and the US.”

 

Ian Stevenson, CEO of Cyan Forensics, said: “We welcome Paul Brennan and Hugh Lennie onto our board, and are fortunate to retain the experience of our former Chair Simon Hardy. We are at an exciting stage of growth where our product is going into many police forces across the UK to help catch paedophiles much faster, and we are now in a strong position to enter the European market, as well as making greater in-roads in helping law enforcement in its fight against counter terrorism.”

 

Cyan Forensics was founded in 2016 by Bruce Ramsay, a former police forensic analyst and now the company’s CTO, and CEO Ian Stevenson. Last month the business confirmed a successful new round of funding from Triplepoint, Mercia, Social Investment Scotland Ventures, the Scottish Investment Bank and private investors, bringing the total raised by the company to £2.8m.

 

Last year Cyan Forensics announced partnerships with America’s National Center for Missing & Exploited Children and the UK Home Office’s Child Abuse Image Database (CAID).

 

Cyan Forensics is addressing a huge and growing problem for society. At the end of 2019 the WeProtect Global Alliance Threat Assessment report announced that there are 750,000 individuals estimated to be attempting to connect with children across the globe for sexual purposes online at any one time. Technology companies also reported a record 45 million online photos and videos of child abuse last year, that number was less than a million just five years ago, and is more than double what was reported the previous year, according to the National Center for Missing and Exploited Children (NCMEC).

(162)

Share

Clearview AI’s entire client list stolen in data breach- Comment

It has been reported that Clearview AI suffered a data breach that involved its entire list of customers. Clearview’s clients are mostly law enforcement agencies, with police departments in Toronto, Atlanta and Florida all using the technology. The company has a database of 3 billion photos that it collected from the internet, including websites like YouTube, Facebook, Venmo and LinkedIn. This comes on the heels of their photo-scraping and facial recognition capabilities raising major privacy concerns.

Commenting on this, Tim Mackey, principal security strategist within the Synopsys CyRC (Cybersecurity Research Center), said “In cybersecurity there are two types of attacks – opportunistic and targeted. With the type of data and client base that Clearview AI possess, criminal organisations will view compromise of Cleraview AI’s systems as a priority. While their attorney rightly states that data breaches are a fact of life in modern society, the nature of Clearview AI’s business makes this type of attack particularly problematic. Facial recognition systems have evolved to the point where they can rapidly identify an individual, but combining facial recognition data with data from other sources like social media enables a face to be placed in a context which in turn can enable detailed user profiling – all without explicit consent from the person whose face is being tracked. There are obvious benefits for law enforcement seeking to identify missing persons to use such technologies for good, but with the good comes the bad.

I would encourage Clearview AI to provide a detailed report covering the timeline and nature of the attack. While it may well be that the attack method is patched, it also is equally likely that the attack pattern is not unique and can point to a class of attack others should be protecting against. Clearview AI possesses a target for cyber criminals on many levels, and is often the case digital privacy laws lag technology innovation. This attack now presents an opportunity for Clearview AI to become a leader in digital privacy as it pursues its business model based on facial recognition technologies.”

(396)

Share

GDPR improves dwell times

Organisations are detecting and containing cyber attacks faster since the introduction of GDPR in 2018, according to a report from FireEye Mandiant. In the EMEA region, the ‘dwell time’ for organizations- the time between the start of a cyber intrusion and it being identified- has fallen from 177 days to 54 days since the introduction of GDPR. There has also been a decrease in dwell time globally, which is down 28 percent since the previous report. The median dwell time for organizations that self-detected their incident is 30 days, a 40 percent decrease year on year. However, 12% of investigations continue to have dwell times of greater than 700 days.

Jake Moore, Cybersecurity Specialist at ESET:

“It’s great to see a positive GDPR story – and this is exactly what it was designed to help with. Dwell times have notoriously been longer than they should be over the years, but this statistic really shows that GDPR regulations are working, and that organisations are becoming more secure in the process. GDPR shouldn’t be seen as an inconvenience, but instead as a remedy to improve security. There is simply no excuse to have a dwell time of over 700 days and I would imagine that the 12% of companies that do would require a serious security overhaul.”

(145)

Share

ISS World hack leaves thousands of employees offline- Comment

It has been reported that a cyber-attack has hit the major facilities company, ISS World, which has half a million employees worldwide. Its websites have been down since 17 February, and This Week in Facilities Management said 43,000 staff at London’s Canary Wharf and its Weybridge HQ, in Surrey, still had no email.

Commenting on this, Sam Curry, chief security officer at Cybereason, said “In the case of the ISS World ransomware attack, and all ransomware attacks for that matter, corporations can either become a hero or a villain. In the adrenaline rush of “crisis mode,” I hope the executives and security staff of ISS World choose to be heroes by protecting employees, being transparent and erring on the side of doing the right thing. We all hope for minimum damage, rapid recovery and strengthening of ISS World in the wake of this and of peers from their experience when the dust clears. In any cyber attack, transparency and clarity is what matters and like so many others we’ll wait to hear more in the coming days. Recently, Travelex suffered a significant breach and leadership was widely criticized for a slow response. That criticism was coming from pundits without specific knowledge of the incident. Let’s not “bayonet the wounded” because being a target and a victim is happening more and more frequently. Organizations today need to take a much more proactive approach to cyber hygiene by actively hunting for anomalies in their networks. Preventing, detecting and responding to incidents has to highest on the list of steps being taken to minimize and reduce high impact breaches.”

(196)

Share