Interim CISO Rob Newby talks to Rachel Bridge at Drax about why he has so much for time for data-centric security
Rob Newby first fell in love with the idea of data-centric security back in 2000, while working for a company in Hampshire. While everyone else in the market was busy selling external firewalls to protect a company’s information, the business he worked for had approached the problem from a different angle and was selling products that protected the transmission of information instead.
One day Rob was working with a US supplier who started talking about data-centric security. He says: “It was a real lights-on moment. The US was about 5 years ahead of the UK at the time. ”
It got Rob thinking. He quickly became fascinated by how businesses could protect their data from cyber attack from within, by using encryption and other forms of data security, rather than by trying to put up defences around the outside.
He says: “I wrote blogs saying that security should be data-centric, but at the time everyone was saying that you have got to protect your perimeter and thought I was mad.”
As the world of cyber security became more complex and methods of cyber attack more sophisticated, however, businesses increasingly began to realise the importance of data security and Rob found himself in demand.
He became director of product management for a start-up security business in Barcelona and on his return to the UK worked as a consultant on cyber security for large corporates, including Skandia, Symantec and Vodafone.
He says: “I’ve been in more corporate and technical environments that I can count – installing security products, finding out what the market wants, architecting complex processes, both selling and being sold to, speaking to management, execs and boards about the issues that they face at their level. That has given me the ability to see a problem from all sides, but also to know what good stability looks like.”
After spending ten years as a consultant, however, Rob realised that he wanted to actually execute his vision of what he felt good security looked like, rather than just telling other people how to do it. Particularly because they would often get it slightly wrong.
He says: “I gradually found myself wanting to make changes instead of just telling people how they should do it, and then watching them doing it slightly differently. Even people I had known for years and worked with incredibly closely, would take what I was saying and put their own spin on it.”
Rob decided that the best way to do this would be as an interim Chief Information & Security Officer (CISO), a role that would enable him to deliver his specialist knowledge in a short sharp fix.
So after taking up short term roles at Aviva and Admiral insurance, Rob made the move to being a full time interim. He realised almost immediately that he had made the right decision.
He says: “What I love about being an interim is that every day I execute, complete and transform. I’m not waiting for someone else to make a decision. I have no problem being dropped in at the deep end, calling the shots and delivering from experience.”
Rob is also very aware of getting the right governance in place around security issues. Indeed he was so focused on it while at Aviva that when he left, his colleagues gave him a cake with the word “Governance” written across the middle in six inch high letters.
He is currently interim CISO at Smart DCC, an IT and Services business in London, where he is busy implementing a transformation strategy.
It is a way of working that suits him really well. He says: “My mind doesn’t really have an ‘off’ switch, it needs a problem to work on and it doesn’t really stop analysing. So having something to think about makes me happy and gives me satisfaction.”
He adds: “If it got to a point where there was too much stability in a business, I would be bored and would want to go and do it somewhere else. I like problem solving and I like fixing stuff that I can see is broken. I don’t like leaving loose ends.”
