By Samantha Hoffman, Digital Security Manager at Microgaming, and finalist in the Security Serious Unsung Heroes Awards
The best way to fire people up about InfoSec is to empower them to be champions of security, and at Microgaming, that process begins from day one with information security inductions.
As I meet with each new starter, I place a huge emphasis on protecting personal data and protecting themselves. When people understand why a hack at Google might impact their own life, they begin to take ownership of their own security and be invested in protecting it. It’s taking Information Security out of the abstract and making it relevant.
Cybersecurity has its quirks…
Security is a constant topic, so communication should be quirky, unique and, most of all, creative. My team and I host impromptu cybersecurity awareness initiatives around the campus and we make sure to have fun with these!
Last year, I put together a Crypto treasure hunt where people were given a code and needed to find the cypher to crack it. The engagement level was unreal; about 80% of the campus was up and about throughout the day, following clues, cracking codes and ultimately finding the ‘magic word’ to win. Regardless of each employee’s day to day responsibilities at Microgaming, that day, everyone was a cryptographer.
There are quite a few new events in the pipeline for Cyber October- which is very exciting! We’ll be holding an even bigger Crypto-hunt with different cyphers, and members of my team will be demonstrating how different networks can be hacked and how we can protect ourselves.
Owning the Responsibility
These (super fun and quirky) events instil a sense of ownership and responsibility over data security. As we implement a new Information Security Management System at Microgaming, the sense of ownership and responsibility towards cybersecurity is ever-deepening. Cybersecurity is only as strong as its weakest link, so it’s vital to approach every task with a ‘security first’ mindset. We need to always look out for threats and ask how our weaknesses can be reinforced- fixing issues before they become problems. I am incredibly lucky to work with a team who are so security minded and so willing to mature within the process.
Having a robust security system empowers all of our people to make the right decisions- giving them a voice to say what they feel might be a threat and what areas of their work can be operating better, ultimately strengthening our cyber fortifications. This is paramount to security, knowing that at any given time, Microgaming has a legion of InfoSec warriors.
Creating a Safer Community
Security has always been my passion. When I was younger, I had a strong urge to join the police force; it was the draw of ‘doing good’ that pulled me in- the clear right and the clear wrong. It seems inevitable that I would find my ‘soul job’ in Information Security.
…And very apropos that I now have the honour of helping the Isle of Man Constabulary with their Cyber Security Initiative! I’ve drafted an open source intelligence framework that allows officers to find publicly accessible data during investigations quickly and easily, creating a safer place online and in our community.
Mini mentoring
Mentorship isn’t just something that happens within the confines of the office. Yes, I mentor my team and my colleagues to be security champions, but I also believe that mentorship and security awareness should begin at a much younger age. I am on the team for Love Tech Isle of Man, a not-for-profit initiative set out to inspire and empower girls and young women to explore opportunities in Science, Technology, Engineering and Mathematics. It’s so important to encourage the next generation of female leaders in this field and to inspire them to be security game changers, instilling in them an unreproachable sense of responsibility, curiosity and confidence.
Security is everyone’s business. It’s with this mindset that I try to boost and build the highest level of security awareness to the people within my company, within my community and engrained in the milieu of future generations.
Cyber Security begins and ends with empowerment. Everyone in my charge is given the tools to be empowered, to take the ownership they need to in order to be safe. My security team has grown over the past few years from just me and one part-time employee to what will be a team of five by the year’s close.
I encourage my team to learn as much as possible, to ask the hard questions and to never be satisfied with the status quo. They are given the means to succeed and emboldened to head off their own initiatives. I am so proud of the fine work my team has done and more importantly, what they will do in the future.