Understanding the Adversary
Mick Jenkins, Chief Information Security Officer at Brunel University & a former Counter Terrorism officer in the British Armed Forces speaks with Steve Moore about the ideological similarities between defending against terrorists versus cyber criminals, the benefits of mentorship throughout your career in security, and the re-emergence of Soviet era espionage techniques.
Building a career in security can be a challenge, even for those of us who start off early. For some however, the job can be a natural progression from her Majesty's armed forces to helping secure the 2012 Olympics and ultimately becoming a CISO. So how do you channel these unique experiences into something that will withstand the diverse threats organizations face today?
Who is Mick Jenkins?
My career & professional involvements these days are in cybersecurity and sort of lie in the world I exist in as a non-executive director. At the moment I do all sorts of different things on the computer in terms of dealing with investigations, dealing with IT directors, and current strategies.
I signed up & started working in her majesty's armed forces when I was sixteen and a half years old. I certainly never expected to end up as a CISO dealing with strategic cyber security because my life began as a soldier in the British Army.
Working with a Mentor During the Transformation Process
I think you and I are both very keen on spotting & identifying the leaders of tomorrow and investing in them. And I think this is particularly important because as we know, over the next 5-10 years, the cyber world is going to need the best of leaders to support boards and deliver strategies that are coherent. For me having had such wonderful careers, I want to be able to pay some of that back to younger men & ladies. These are people who have the talent to go all the way to the top of the cyber tree as CISOs or strategic leaders both in government and the private sector.
Luckily I'm connected with a number of people and different organizations here in the UK, and one of the wonderful ones is a small company taking veterans, who have done something like 22 years or more in service in the military. These are very loyal servants, very disciplined, very capable, and quick learners. The organization takes them out of the forces and retrains them as cyber specialists, cyber analysts, or information security managers, and then places them in industries.
It has been very important and key for me that I try to help people who've got the talent. And just like in the military, it's all about thought and actual leadership. It’s about leading by example, having good strategic foresights and acting as a mentor or coach. At the moment I have 2 individuals who are much younger than me who I believe have got the talent. I’m earmarking them for the right career progression over the course of 5-10 years and trying to make sure that they do progress all the way to the top of the cyber tree.
I was lucky as my mentor used to take me for lunch quite often every 2-3 months. And he would ask, ‘Are you in the right job here?’, ‘Is there anything I can do?’, ‘Tell me about this company you're working for’, ‘I really think you need to be doing this and this next.’
I had that for the 15 years I had in both the military and in my ultimate career in cyber security. And so I think mentorship and identifying good talent is something we owe ourselves for the future, which is something I particularly enjoy doing.
Mick’s Advice for the Transformation Process
As I look back at my career, one thing about me is that I was always striving to achieve excellence and be honest in whatever I was asked to do or serve in her Majesty's service. And I think many of us in the professional armed forces do strive for sheer excellence. And if you've got that kind of psyche to achieve excellence, you'll go above & beyond to learn from people.
In my case a lot of it was about learning about the adversary. When I started working as an explosive disposal officer, particularly involved in high risk research, I wanted to beat the terrorist and so I needed to be at the top of my game. I took every opportunity to talk to some of the more experienced ground operators who had served in Iraq and Afghanistan. I looked up to my mentor as well.
It's always a fabulous thing for someone going through multiple careers to have a mentor or coach. My particular mentor is a wonderful chap called John Almonds. He is in his seventies now, and he is the guy I aspire to be. I hope to achieve everything he did throughout his military & civilian careers. He is still a very fit man - fitness in body & mind, which kind of exists all the way through your military career into retirement. And this certainly helps when dealing with high stress/ high pressure situations.
Understanding Your Adversary
In the army, I finished as an Intelligence Officer within the British Defense Intelligence. And then I made the transformation into civilian streets where I was working on information security, initially working with ultra-high security data centers. Then I made a transition through Olympics where I was the Lead Security Practitioner/Strategic for London 2012. After that I moved to the University world.
Throughout all this transformation I moved from the adversary in the counter-terrorism world to the adversary in the cyber space world. Doctrinally there's no difference; we have an enemy, we have an adversary and they use a variety of tactics, techniques, and procedures that you as the defender need to know. You need to know how they will damage your organization or critical infrastructure.
I had to learn about the technical elements of how the attacker exploited vulnerabilities, how they got their target asset, or how they used a particular technology to be able to attack. So for me it was all about excellence and trying to know/understand the adversary because if you know him and can predict the threats arising over the next couple of years, you can begin to build your own defense mechanism to protect your organization.
The Kompromat Kill
This is my second book. I chose the title about 18 months ago and then from the title I wrote the story. What I think you or the American community will find interesting is the word “Kompromat”. Since 2016, all of a sudden it’s been immersed into American folklore. And of course it's a Russian term.
For a very long time the Russians have used the tactic of using compromising material against ministers, soldiers, and anybody in the community that they could use to their advantage. Effectively what they use is blackmail material and they have been the masters of this for decades. Now we see the terminology coming through because of the linkages and allegations put across into the current US administration. In addition, we now see this term being used quite radically in American media.
But it’s less so over here in Britain. The novel gives a little bit of insight to readers about how this tactic is applied in the intelligence community, in the world of high breed warfare, and dodgy dossiers that we've seen on both sides of the Atlantic. I wanted to immerse the reader to see what is effectively a spy thriller linking the geo-political situation with ground operators doing the work of collecting intelligence. There are also elements of cyber technology & attacks in the novel.
How to Combat Shady Online Information
I think this is about continual improvement, and one of the elements of this is your organizations' ability to react to different levels of incidents. Here in the UK, The National Cyber Security Centre does a great job in providing out of the box exercises. They go out of their way to try & assist because quite often in companies there isn't that experience, and many times you have to buy the expertise to conduct screening and policing.
I also think that there is a big shift here in the UK to actually make sure that the board understands the risks they face and some of the serious consequences that their business or physical infrastructure could face.
And for organizations that actually do the exercises, each person can witness or be exposed to the roles and responsibilities of others and what they will actually be doing during a major incident. This ranges from the legal team, board level individuals all the way through disaster recovery people, IT, physical security & policing. All these entities need to come together regularly to exercise and understand who will be doing what.
Another important thing is that it's very important to coach the executive board on what their roles and responsibilities are during a major incident. This includes a terrorist incident or cyber-attack, and is part of consequence management. This is why a CISO has to have a good relationship with all members of the executive board.
Resources:
Exabeam - Website
Exabeam Spotlight Conference - Website
Steve Moore - LinkedIn
Michael Jenkins - Website
The National Cyber Security Centre - Website