George Tunnicliffe has worked in IT across different sectors such as defence, charities, healthcare and in scenarios of rapid growth and transformation. The Cloud & Cyber Security Expo speaker walks us through his definition of positive security culture, and the myth that users are the weakest link the IT security chain
What was your earliest ambition?
When I was born, I was born without a thyroid (congenital hypothyroidism), which in a few ways has had an impact on my life but I was always aware of this. The one thing this gave me was a challenge — how far could I go and what could I achieve? First catching everyone else on tests and then, well…what’s next? I always knew I didn’t want any of these things to define me. I was lucky that I have the best cheerleaders in my parents and my brother who were ever encouraging and supportive, they wouldn’t let me give up on opportunities.
Over time I found computers and computer games (starting a secondary ambition to be a racing driver), and then all the other things you can do with computers. This seemed like a great idea for a job, what could be better than playing about with the thing I enjoy and seeing what I could make it do? For me at first and then, later, for others.
George Tunnicliffe, Head of IT Operations - National Theatre
What is your current ambition?
Technology can do so many things for so many people and in my opinion, it’s such an exciting time to have the technology industry doing so much good and positivity. From groups like Tech Talent Charter, providing platforms like Beam to exist and making a world that is so much more accessible. So for me, it’s how can I add to this: how can I create opportunities in my team for people? Can my team help someone with a problem? (it doesn’t even need to be life changing, sometimes it’s good to make someone’s day better) Or can I build myself into an even better position to make that happen?
There is definitely something gratifying about helping someone with their career, having them come into your team, learn with you and really shine. I wish I could do more.
I still have the ambition to be a racing driver though, just in case the technology stuff doesn’t pan out!
What does a positive security culture mean to you?
I always want people to feel they are part of a good team and that they have the support. Mistakes happen, bad judgements happen and accidents happen. For me it comes from the leader for this to be OK, that we talk about it, analyse and work how we can do better and learn from it.
Key to this is showing how we can all improve, how can we make better choices by supporting each other, how can we make it normal to share information, even the uncomfortable stuff. Place less celebration on being plain right and more celebration on the process of ending up both right and better off.
What is one security myth that frustrates you?
That it will be the user’s fault or that they are the weakest point. They are only the weakest point because the platforms and safety nets are not there to help them. Our role in technology is to support them to work and enable them as a business, this goes into security as well. So not to have them check every email, message and call for phishing, whaling and the ‘next big threat’ or even worse, not do things because of a fear.
Of course we can educate and help teams put in safeguards, but if it comes in and out via a technology connection, we could have done better as the professionals.
What is the biggest technology challenge facing cloud & cyber security professionals today?
Burnout. Technology is already a very connected role, with alerts, emails, IMs, platforms to check, logs to review and questions to be answered. Add to that the pressure that comes with cyber security, in some cases being the gatekeeper for the organisation’s security, comes with a heavy burden of responsibility of always being right and catching every threat.
There is a healthier mentality being talked about now “Not If but When” and that needs to be promoted as well as actual manpower and spreading that load across people. In terms of a ‘battle’ of cyber through the social engineering of just creating bots and AI to trawl and find your weaknesses, in config, in people and in platforms, we need to be ready to support people.
What excites you the most about the future of the industry?
I don’t know about excites, probably more what fascinates me the most is AI. The dual aspect of using a technology like this for both light and dark aspects is truly an issue of our time.
For all the defensive benefits it will have in terms of understanding and defending against attacks, from evolving to change settings and postures. It could potentially even be used to respond in a provocative manner.
So then comes the counter of this in the sense that what could AI could do if it was unleashed as a negative force. Will we have an arms race (we probably already do) of people trying to extract the most out of AI for their own gain? Will people combine these AI elements into ever stronger self-modifying platforms and systems? At the moment it is beyond any one person or group’s control.
The beacon of hope goes back to my answer of the earlier questions and the way tech can be used for good. We can hope that these kinds of technologies can exist not just for attack and defense but also the security of people and our ideas, pioneering AI in medicine is a good example of how quickly we can learn patterns results in modern times to improve life for so many people.
Join George at Cloud & Cyber Security Expo London, 11-12 March, ExCeL London
Protecting the Art: People, Data and Things 11 March, 11:00 – 11:20 Theatre 4
