I recently had the honour of being shortlisted in the Security Serious Unsung Heroes Awards, nominated in the Godfather or Godmother of Security category (someone who has been around the block and back and contributed greatly to the IT Security industry for more than 25 years). When things like this happen, it makes you pause and reflect on the fact that you have been doing something for more than quarter of a century and still love every minute of it!
I started my career properly at the back end of the 80’s, to a backdrop of electro-pop, shoulder pads and big hair (even I had hair then). My path took me from IT training, programming, and product development on the software side before moving into hardware, networking and security on LAN’s WAN’s and Datacentres. 29 years ago, I started ramsac a Managed Service IT and CyberSecurity consultancy and I’m extremely proud of the work we’ve done, and continue to do, both in the UK and around the world.
Before & After: What 32 years in the industry can do to you!
As well as MD of ramsac I am CyberSecurity Ambassador for the Institute of Directors, CyberSecurity Specialist for Vistage and on the Advisory Board of the Cyber Resilience Centre for the South East.
In recent years I have become known as a CyberSecurity speaker and my success here is owed not just to luck (although that has its part to play), but also to fulfilling a number of needs. My audiences vary from C-Suite businesspeople (non-technical), Infosec colleagues (very technical) and the rest of IT users (from young to old and mostly non-technical). Sometimes it is a classroom format and at others it is a stadium keynote.
The non-technical audience (in whatever format) usually starts from a position of fear. Fear of cybercrime maybe but more often a fear of either not wanting to look foolish or a belief that they are not going to understand or enjoy the subject.
Much of cybersecurity (whichever side of good or bad you reside) is about psychology and I see my job as helping people understand not just the methods used to find and press fear buttons, or the physiological responses to being tricked, but how to use the same logic and apply it to their understanding, the business need/imperative and ultimately how to share that with all their stakeholders. This is a vitally important challenge to direct and influence security culture within organisations.
The infosec audience are another challenge all together in that on a daily basis they are most probably far more hands on than I am today, but I often speak to delegates after an event and hear the same thing, the understanding that it’s not just about knowing how to do cybersecurity, it’s about the stories and the methods used to communicate so that any audience is going to get it (whatever ‘it’ is) and that I’ve shared things to help them get their own message across.
When I engage with any audience, whether that be my own team, a potential client, or an audience of thousands, the vital consideration is that of intent and message. Before starting anything, ask yourself what is your intent here? What do you want to achieve and how do you want to make people feel? The message part is vital too, what message do you want to leave and how easy is it for them to repeat, share and understand? Start with the endpoint in mind and work backwards in your preparation. There are many very talented practitioners in our industry who do not get the recognition or the progress they deserve because they do not communicate properly.
If you’re an IT or CyberSecurity techie my best advice on communication is to not to communicate with others as you want to be communicated with but rather to communicate with your audience as they need to be communicated with. This is obviously true for everyone and a great learning, but it is particularly applicable to any technical expert.
Start with your end message in mind, help your audience understand by positioning and illustrating the subject using stories, models and examples pertinent to their own understanding/perspective and leave them with a plan of what to do next and a call to action.
I believe that if more people who work in our industry (an industry that I love just as much today as when I started) could apply this wisdom, then our challenge to keep cyber resilience front of mind, in all walks of life, would be easier and more effective.
Our industry is an amazing place to work and the Security Serious Unsung Heroes Awards celebrate many of the people who I am blessed, honoured and grateful to work with. Good luck to everyone.
Rob May is a finalist in the Security Serious Unsung Heroes Awards 2020, sponsored by KnowBe4, Proviti, and Qualys.
Rob May is renowned in business as a CyberSecurity figurehead. He has been the Managing Director of ramsac limited for nearly 30 years. He is the former Chairman of the Institute of Directors in Surrey. He is an international CyberSecurity Keynote Speaker and his TED Talk ‘The Human Firewall’ spawned two books. Rob is the UK Ambassador for CyberSecurity for the IoD. He has the Freedom of the City of London, is a Liveryman in The Worshipful Company of World Traders and was named as the first honorary lifetime member of the Cloud Industry Forum for his contributions to the sector. Rob is passionate about helping people better understand CyberSecurity and he has won several speaker awards for having successfully done this, making the complex straightforward using real life examples, clear easy to understand explanations and humour.
