Meet Dan, the chief information security officer at Network Rail. He and his team help keep our tech working and our information and data safe online. This in turn helps us keep the railway and your journeys running safely.
Read on to find out why working in cyber security involves a lot more than just sitting behind a screen.
What does a typical day at work look like for you and your team?
I think it’s fair to say that no two days are the same. For me, it involves lots of meetings, phone calls and speaking to people because speaking to people is a big part of what we do.
I have teams identifying and helping people manage security risk, ensuring our security management system is working well, and planning our security strategy and what our architecture needs to be.
So, there’s a variety of different things that we do. Some things are quite technical, and some aren’t.
Cybersecurity isn’t just about deep technology stuff. There are all sorts of different things involved in keeping us secure.
How did you get into cyber security
I began at an IT help desk and then moved onto managing internal IT systems for different companies.
As time went on, security was just one of the hats I started to wear. I quite enjoyed it so when a cyber security job came up at Network Rail, I went for it. I’ve been here for about 12 years.
How does your work help passengers?
We protect a really diverse range of technology from laptops and mobile phones to our cloud services. This tech is used across the entire company including by staff on the track. For example, signallers and train drivers may use mobiles to communicate with each other. Keeping this tech secure and working helps keep the railway and your trains running reliably.
Of course, cybersecurity incidents do happen from time to time. When they do, we act quickly and efficiently to prevent them impacting you and your journeys wherever possible.
What’s been your biggest challenge?
I suppose the biggest challenge is getting everyone across the business to recognise the part they play in keeping us secure. We couldn’t keep our systems secure without them so continually spreading that message and getting people to do the things that keep us all secure can be tough. That may be things like educating people not to ignore security warnings or to install the latest tech updates to their devices.
How has cyber security changed in the last five years?
The biggest change is the explosion of cybercrime. It’s something that has really blown up and can affect any of us at any time. Cyber security criminals use so many techniques, methods and resources that it’s become very challenging to manage in the past few years.
What advice would you give to somebody hoping to work in cyber security?
It’s not just about dealing with difficult technical problems. It’s as much about speaking to people, building networks and building trust with people that are managing and using technology.
So, I’d say get out there and build those networks, get to know people because it really is a people business.
What should aspiring cyber security specialists be excited about?
Artificial intelligence and the way we could use it in cyber security. There are some really exciting things we already do with AI to keep the company more secure and it would be interesting to see how it can be developed further.
But criminals can also use AI so it’s bit of a double-edged sword.
