CYBER SECURITY CAREERS
SO YOU WANT TO WORK IN CYBER SECURITY. CAN YOU BE TRUSTED? By Chris Hurran, OBE, Senior Associate Fellow of the Institute for Security and Resilience Studies at University College London Cyber security professionals can expect to work in positions of great responsibility with access to, for example, corporate crown jewels of intellectual property, aggregated data and critical technical assets. Not only do they require the necessary technical skills, they must also be totally trustworthy. Should that trust be lost it may be hard if not impossible to regain it – with long-term implications for employability. This article explores the subject of reputation management and offers advice to cyber security professionals on managing this aspect of their overall profile in order to ensure a long and successful career.
I
NTRODUCTION
The vast majority of cyber security professionals are highly technically competent, dedicated to their careers, and utterly reliable and trustworthy. They have a right to feel respected and trusted by their employers. Unfortunately, one or two bad apples (such as Jessica Harper and John Skermer – see their case history text boxes) make employers realise the scale
of harm which a rogue employee can do. Employers have a responsibility to protect their organisations from such harm. It is therefore entirely reasonable that employers should take appropriate measures to screen and monitor all their employees – especially those in positions of greatest trust. And this latter group will invariable include the cyber security professionals
Jessica Harper.
John Skermer.
Harper was Head of Fraud and Security for digital banking at Lloyds Banking Group. Despite her £60,000 salary, she exploited her position and knowledge to defraud her employers of £2.4m over a 4-year period. She was sentenced to 5 years in jail in September 2012. At her trial she said “I saw the opportunity and thought 'given the hours I work I deserve it'.” The judge said “You were a senior employee in the bank in a position with a high degree of trust at a time when Lloyds was substantially supported by a lot of taxpayers' money following difficulties sustained by the bank in the financial crisis. You disregarded your duties out of a sense of entitlement to take other people's money for your own benefit and that of your family."
Skermer, a software engineer, was head of an IT security team at Barclays Bank. Over a period of almost 5 years from January 2009, he defrauded the bank of £2.14m from accounts under his control. He was sentenced to 7 years in jail in April 2014. Unbeknown to his wife, he allegedly used the money to fund a parallel lavish lifestyle. The prosecution said “Mr Skermer was in a position of authority within the bank which he exploited. It was a breach of trust. And he took a vast amount of money from the bank.” Sentencing Skermer, the recorder said that it was clear that the fraud was well thought out.
82 CYBER SECURITY REVIEW, Winter 2014/15