Holman is CEO of penetration testing specialists 2-sec and director of the Information Systems Security Association (ISSA).
Tim Holman is a 20-year veteran of cybersecurity and has held consulting roles at IBM, Panasonic, British Airways, Lloyds TSB, ICL (Fujitsu), Dimension Data, and Trustwave. He was the recipient of the Microsoft Most Valuable Professional (MVP) for Security Award in 2004, 2005, and 2006, and in 2014 he was awarded fellowship of the ISSA.
The ISSA is a not-for-profit, international organization of information security professionals. The goal of the ISSA is to promote management practices that will ensure the confidentiality, integrity, and availability of information resources.
Tim will be offering his insight into the world of cybersecurity at Interop London this week. InformationWeek caught up with him before the event to find out what it is like to walk a mile in his shoes.
The day starts at 6.30am -- I like to get up early and go for a bike ride when it’s quiet. It’s a great time to relax and get my thoughts in order. Then it’s back home to help my wife get the kids ready for school, so I’m at my office desk by 8 a.m.
I know it’s a cliché, but no day is the same. It depends on so many things. We work as cybersecurity experts for many different types of businesses across the UK. If someone rings out of the blue and tells me that their business has been compromised by a cyberattack, then our day (and sometimes much of the night) is spent detecting the attack, preventing access to IT systems, removing vulnerabilities, and starting the long process of communicating with customers and stakeholders and cleaning and protecting all their IT processes and systems. It is not uncommon to see a business being brought to its knees by what appears to be an innocuous theft or other lapse in security.
Attacks on small and medium businesses in the UK are rising rapidly, and so many are still completely unprepared. A lot of this is due to the fact that business owners don’t understand why their data is of interest to cyber criminals. The fact is that there is a huge market for customer details and financial and commercially sensitive information. Small businesses are often the first and weakest link in the chain and the way to reach the bigger suppliers and companies. It’s a huge problem -- the government is doing its best to educate the business community about the importance of protecting their valuable assets, but there are reports of more data breaches emerging every day.
I work with a tight team spread across the South of England. Each of us is an expert in our field, and my expertise is in payment card security, in the PCI DSS security standards. My operations manager Sarah will call me to check through the day’s appointments -- a lot of my time is spent advising individuals about the need for PCI compliance and visiting head offices to speak to directors about more generalised cybersecurity as well as the more technical issues.
In the afternoon, I usually work on one or two proposals and get the chance to speak to the team about continuing security assessments and pen-testing assignments. We are constantly busy and have worked in most professional industry sectors. It can be frustrating that we can’t publicise the successful outcomes of the work that we do. Almost all our work is highly confidential -- clients are often very embarrassed that they have suffered a security breach, and they don’t want any damage to their brand.
The best jobs are the clients that call us before anything disastrous has happened. They realise that they are at risk, so they contact us to do a thorough security assessment so that we can identify the vulnerabilities and advise on next steps.
I’m often out in the evenings as well -- either presenting on cyber security at a conference or chairing an industry event. I’m heavily involved in the ISSA UK; it’s the largest international, not-for-profit association specifically for information security professionals, and I do my best to help publicise its events and support the organisation by doing my own presentations and question-and-answer sessions.
If I’m not out, then I’ll work on my blog. I’ve just written pieces on the recent Hatton Garden heist as well as PoSeidon, the latest malware to attack point-of-sale systems. Anything that I can do to raise the profile of cybersecurity in the UK is a bonus.
It’s difficult to relax sometimes, but the infosec community is really supportive; everyone knows everyone else, and it’s a brilliant (if sometimes stressful) career for any technically minded person. The hacking landscape changes so fast, and keeping one step ahead of the cyber criminals is a full-time concern.
Interop, the flagship event of London Technology Week, takes place at ExCeL London June 16 to 18 2015.
Sean McGrath is a freelance IT writer, researcher, and journalist. He has written for PC Pro, the BBC, and TechWeekEurope, and has produced content for a range of private organizations. Although he holds a first class degree in investigative journalism, his dreams of being a ...