Secon Cyber Leadership Interviews
Janakan Nadarajah in conversation with Gerry Grant, Cyber Security Manager, NHS Tayside JN: Tell me a bit about your role and what you do. GG: I’m the Cyber Security Manager for NHS Tayside. It’s my responsibility to look after the cyber security of pretty much everything within NHS Tayside, so that goes down to the endpoints, the laptops, the desktops the majority of my colleagues use all the way to MRI scanners and all the other various bits of technology that may be used in hospitals to monitor patients and help save their lives. It’s quite a wide and varied type of thing that I’ll see on a daily basis. One day I might be looking at a proposal for a new piece of equipment in A&E and the next day I will be trying to get somebody update their iPad, so a whole variety of different things. For me, it’s that diversity that makes it interesting and was one of the reasons that I wanted to come and work in this environment. JN: How did you get into working in cyber security? GG: I’d like to say it was a long time ago, but it wasn’t really that long ago. I had a bit of a mid-life crisis and wasn’t sure what I wanted to do with my life. The more I thought about it, I’ve always been interested in technology, and I just saw the way the world was going and that we’re becoming more connected and the internet of things is beginning to take over our lives. That’s a fantastic opportunity, there’s loads of things that we can do with it, and part of me 4
loves the prospect of being able to turn an oven on when I’m on my way home, but part of me is nervous because how secure is it? And who thinks about the security of these things? That’s what started to get me interested in cyber security. The more I investigated it, the more curious I became and as time has gone on, I’ve learned and understood more about cyber security. I feel that I’ve got an obligation to try and pass that knowledge on to other people and to try to make people aware of what the consequences of their actions are and how we can make a safer world. I love the technology. I love what it can potentially do. I just want people to be aware of the drawbacks and think about how that might actually affect not just their business life, but their personal life as well. JN: What do you love about working in cyber security? And what do you not like about it? GG: I like most of it. I love the challenge, every day you’re faced with different challenges. For me, cyber security is about managing risk and making people aware of what the risk level is. In an organisation a big and diverse as the NHS, that can be difficult because what I might consider very risky, a doctor might think is not risky at all. I get to communicate and speak to people at board level and I also get to speak to the doctors and all the other people within the organisation so I kind of feel like I have an impact on everybody, not just on one depart-
ment. And yes, I’ve got reports to write and I’ve got meetings I need to go to, but I’m
still thinking about different things all the time and that’s what I really like. One of the challenges is it changes so quickly and the types of attacks you’re getting are changing all the time, so it’s trying to get that buy in from staff as well. People go ‘Cyber security is really important, but I already understand it so I don’t need to listen to you.’ It’s trying to do something to spark reimagination to make them engage with you a little bit more. Trying to get doctors to come to a cyber security awareness training, good luck with that because they’re way too busy actually saving somebody’s life. They don’t want to sit and listen to me drone at them, so it’s trying to find different ways and that’s SECON CYBER
