Shaping the landscape of cyber security

Since stepping into this fantastic role as the Head of Cyber Security for Birmingham City Council (BCC) it has not been without its challenges including monitoring, repelling and responding to cyber threats, while meeting compliance requirements which are all well-established duties that my team and I lead on.

Birmingham City Council’s landscape is rapidly evolving. The explosion of connectivity provides BCC with new opportunities for growth and development, but these opportunities come with a catch.  As BCC customer data evolves, it becomes a new target for information theft, directly impacting business reputation and performance. In response, my team and I have taken a stronger and more strategic approach to the challenges we face. Inherent to my new role is the need to move beyond the role of compliance monitoring and enforcement, to better integration with the business, managing information risks more strategically, and working towards a culture of shared cyber risk ownership across the organisation.

Steps are being taken to recognise the warning signs for security breaches.  When data or systems are compromised, it can be a sign of systemic issues, operational failures and, potentially, a culture that does not value security. Compliance lapses, audit issues, and a lack of metrics and transparency can all be signs of potential security problems as well. We now have a push to establish our posture whilst driving the improvements and initiatives through a cyber strategy empowered by people, processes and technology.

As the person responsible, I am taking steps to better integrate with services where Cyber Security is seen as a partner and an essential part of BCC’s DNA. We are doing this by increasing communication and collaboration which in turn is raising our profile. I am also addressing the talent shortage to ensure there is sufficient resources available for all council services.

Since taking the position my team and I have dealt with the new challenges BCC is facing due to COVID 19 and remote working.  We have enhanced the security awareness training to reach out to everyone, we have looked at the Phishing test results from 2019 and will be building on that to identify where extra awareness and training is required.  We are ensuring that Security by design is included in projects from the outset and are currently supporting the major programmes ERP and APM.  We have contributed to and led Yam Jams to answer questions, raise security awareness and ultimately this has raised the Cyber Security team’s profile.  We have engaged third parties to conduct Red Team Security exercises to help identify major gaps in Microsoft Office 365, external infrastructure and our digital landscape.  

It is my aim to bring to fruition a Cyber Security function which will become an even stronger pillar to support BCC’s vision of becoming the council of the future.  I believe that in the not too distant future the BCC Cyber Security Team will be acknowledged as a leader in the field by the public sector.

Blog written by Irfan Iqbal, Head of Cyber Security for Birmingham City Council

comments powered by Disqus