‘One of the biggest challenges for BSI is the cybersecurity skills shortage’


7 Aug 2018

Colm Murphy. Image: BSI

BSI’s Colm Murphy offers some leadership insights on the evolving sector of cybersecurity.

Colm Murphy is international director at BSI Cybersecurity and Information Resilience.

He has more than 20 years of experience working in cybersecurity, information resilience, electronic discovery and digital investigations, and has led a range of projects in Ireland and across Europe, America and Asia.

Murphy previously worked on the management team of the Irish cybersecurity firm Espion for 14 years, prior to its acquisition by BSI in 2016.

He holds a BA in business and politics from Trinity College Dublin and a diploma in information systems from Dublin Institute of Technology.

Describe your role and what you do.

In my role, I’m responsible for the expansion and international development of the business. I work with all our offices across the globe and especially with the Dublin office, which heads up the BSI Cybersecurity and Information Resilience centre of excellence.

How do you prioritise and organise your working life?

It takes careful planning and discipline to ensure I’m always focused on our growth plans. We have offices in more than 30 countries and all of our clients are deeply concerned about the cyber landscape and the threats that it can pose; there is an urgency to it. The services we provide are always in demand and, with such an expansive area to cover, it’s crucial for me to prioritise my time efficiently.

I organise my working day by focusing on our plans and don’t get too distracted by the expanse of the work and opportunities that are out there. That said, the bigger picture and the global opportunity is what motivates me. Not only knowing what can be achieved this year, but what we can do next year and the year after that, is one of the most exciting aspects of my role. 

What are the biggest challenges facing your sector and how are you tackling them?

One of the biggest challenges is the cybersecurity skills shortage in the workforce and it’s a concern for many organisations as technology evolves. We are overcoming this through our well-established graduate programme, and most recently the establishment of our cyber academy, so that we can grow and foster talent in-house.

Another big challenge is the pace at which technology is developing. For example, IoT has increased connectivity for medical devices and healthcare; however, it has introduced new complexity and associated risks to the supply chain. The safety and security implications, such as the potential for a cybersecurity risk to put a human life in danger, are real and far-reaching.

Another example is the extraordinary rate at which blockchain applications are being developed while many of the related security implications are not yet widely understood.

Our R&D team is very active and is constantly anticipating the future and the challenges that come in the marketplace. Our team gauges client demands and actively develops solutions that help us automate certain processes that enhance and support the work we do.

What are the key sector opportunities you’re capitalising on?

The regulatory environment is naturally a key area for us and, along with heightened public awareness levels in this sector, it’s driving a high demand for cybersecurity expertise. An example of this is GDPR. As a company with a large global footprint, we are ideally positioned to consult with international companies on ways that they can simplify and centralise their supply chains.

A key sector for us at present is also the medical device and healthcare sector. The connectivity of such devices and systems raise many security concerns for this sector, including privacy and patient safety. We work closely with our clients in this sector to manage and address these concerns.

Our team also focuses strongly on the legal sector through our e-discovery and forensics department, and how rapidly evolving needs and advances in technology can allow it to do more in less time and with less resources.

We also have an IoT laboratory, a new initiative that is capitalising on the exciting growth in this area.

What set you on the road to where you are now?

I stumbled upon cybersecurity in the 1990s. Following the completion of my studies, the only two options were technology (the dot-com bubble wasn’t too far away) and banking. I went for technology. I was mathematically inclined and liked figuring out how systems worked, or why they didn’t work.

I cut my teeth as a security engineer, installing and configuring some of the first firewalls implemented in Ireland. I subsequently spent some time in Asia working for a large global consulting firm and a cybersecurity technology manufacturer.

I then returned to Ireland in 2001 and worked with ex-colleagues and friends to help establish Espion.

What was your biggest mistake and what did you learn from it?

Mistakes are part of doing business and I’ve made plenty, but I’ve learned not to fear making mistakes as they have all been a learning curve, and the experiences have made me better in my role. As Beckett said: “Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better.”

How do you get the best out of your team?

I’ve been incredibly lucky and I work with a marvellous team of talented people. To get the best out of them, I give them responsibility and let them get on with their work. I trust that they have good judgement and will ask for help if they need it. My team members recognise that they are the masters of their own destiny and this empowers them to make the most of their working lives. It’s important to hire the best you can find and to stretch your resources to make sure you get them.

Our team has an incredible range of tools available at BSI, including employee learning and development initiatives that allow people to grow professionally and make a career for themselves.

STEM sectors receive a lot of criticism for a lack of diversity in terms of gender, ethnicity and other demographics. Have you noticed a diversity problem in your sector? What are your thoughts on this and what’s needed to be more inclusive?

The benefits of a diverse workforce are tenfold and well documented, and we know that many technology companies are failing to attract female employees in sufficient numbers to their organisations.

At BSI, we work very hard to foster a culture of diversity and inclusion, and this includes initiatives that work at making our working environment more inviting for women.

We take diversity very seriously and in 2017, we launched a standard – BS 76005 – valuing people through diversity and inclusion. It is a code of practice for organisations. It provides recommendations for undertaking, reviewing and assessing a competent and principled approach to diversity and inclusion in the workplace. The standard reflects my own personal belief: that recognising and respecting the value of people beyond the minimum rights stated in law has long-term personal, organisational and societal benefits.

Who is your role model and why?

There wouldn’t be one individual who springs to mind. Rather, I’m more interested in people who display positive behaviours, who are pioneers and who are fearless; those that engage openly, honestly and transparently.

What books have you read that you would recommend?

One of my all-time favorite books is John Kennedy Toole’s A Confederacy of Dunces. What strikes a chord is the book’s path to publication. It was discovered after the author’s tragic suicide and it was only for the love, perseverance and determination of the author’s mother that the book found a publisher and went on to win the Pulitzer Prize for Fiction in 1981.

I’m currently reading a selection of books and research papers on the topic of organisational resilience. This topic is of particular relevance in today’s volatile geopolitically environment, as it will be those organisations that adapt to best practice that will have the best chance of standing in the future.

What are the essential tools and resources that get you through the working week?

My mobile phone. On a typical work day by lunchtime, my mobile would need a second battery charge. I like talking to people and, wherever possible, I try to avoid long email chains.

Want stories like this and more direct to your inbox? Sign up for Tech Trends, Silicon Republic’s weekly digest of need-to-know tech news.