‘Cybersecurity today requires greater digital and business understanding’


22 Jun 2021

Mark Brown. Image: BSI

BSI’s Mark Brown discusses current infosec challenges, the need for diversity in cybersecurity recruits, and how he picked up his tech flair from his dad.

Click here to view the full Infosec Week series.

Mark Brown joined BSI in February of this year as global managing director for its Cybersecurity and Information Resilience consulting services business. He has almost 30 years of experience in this sector, previously holding leadership roles such as global CISO at SABMiller and global CIO/CTO at Spectris. He was also a senior partner at Wipro and a partner at EY.

As well as his role at BSI Cybersecurity and Information Resilience, Brown is on TechUK’s Cyber Security Management Committee, which advises the UK government on how businesses can be incentivised to safely adopt new technologies.

‘For too long, cybersecurity professionals have been synonymous with compliance professionals’
– MARK BROWN

Describe your role and what you do.

I have overall responsibility for managing a worldwide team of consultants and delivering the highest quality services to our client base.

My role is the public face of BSI’s cybersecurity business and as such my position is a blend of internal management as well as external brand development, ensuring that my near-30 years of experience enables me to pay something back, and indeed forward, to the future of the cybersecurity profession.

How do you prioritise and organise your working life?

My wife and family would probably describe me as a workaholic. But, for me, much of how I work, prioritise and organise my working life comes from my time serving in the British Armed Forces, where organisational skills are paramount.

Timekeeping is a key attribute and I learned early that avoiding back-to-back meetings was a positive. Having 25-minute and 50-minute meetings rather than half hour or whole hour meetings affords that little bit of respite to the working day.

I also use digital tools extensively to my advantage, for example using the Cortana insights capability within Outlook to preserve focus time and taking breaks to recharge the batteries. I vehemently dislike not being able to see the bottom of my inbox and therefore rigidly maintain discipline of responding to queries within 24 hours and then filing communications where I can refer to them later as required.

What are the biggest challenges facing your sector and how are you tackling them?

Skills shortage. Not in the technical sense but in the ability to translate traditional cybersecurity from a technical perspective centred around compliance to a discussion focused on business enablement.

For too long, cybersecurity professionals have been synonymous with compliance professionals. To remain relevant, we need to transition to become commercially aware digital risk management professionals who are recognised as business advisers and leaders.

What are the key sector opportunities you’re capitalising on?

Digital transformation and industry 4.0 are huge opportunities for all businesses and therefore for BSI too.

The key challenge is the fact that globally there is an absence of experienced professionals who are able to balance an understanding of the business opportunity and the technical needs in addition to the safeguards required to grasp the opportunity successfully.

What set you on the road to where you are now?

I grew up in the very early ages of computing and remember the fanfare of the school being able to buy its first computer – it was a BBC Micro. At home I was also fortunate that my father was science-minded as an electrical engineer and I had evidently picked up attributes of learning from him as I had a natural flair for computational processing.

Roll forward almost 40 years and I am still learning and amplifying that inquisitive scientific learning mode. For me, the pathway never ends – constant learning is a must in my role as skills can fade overnight. Without that lesson from a very early stage in life from my father, I am not sure I would be where I am today.

How do you get the best out of your team?

It can be summed up in two key words: trust and empowerment.

Too many leaders over-manage their teams to the point of micromanagement and indeed are not recognised as leaders by their teams. Throughout my career I have been fortunate to work for good leaders and bad managers. This has been advantageous as it has shown me the blend of requirements that best motivate a team.

My teams know I have their back and that they can call on me whenever required. They know that I will support them and they in turn trust me to guide them with strategic leadership and direction.

We have open and honest conversations where I ask for their input. We do not always 100pc agree, but the willingness to be able to share disagreements and to be able to retain the trust within team leadership is pivotal to the team’s success.

Have you noticed a diversity problem in your sector?

There are multiple diversity issues within the cybersecurity arena, with an ageing population to serve and a lack of new blood. This is compounded by a ‘white male former law-enforcement agency’ stereotype and a gender imbalance – which, although improving, still has a long way to go.

Cybersecurity in today’s world requires greater digital and business understanding. We need to create an inclusive profession with risk management professionals who are digitally aware and possess strategic thinking and commercial acumen.

We can do this by recruiting from diverse sociocultural backgrounds and challenging the traditional norm regarding the need for STEM backgrounds.

STEM is important but not the be-all and end-all for employees within the sector. We need to become introspective to our own professional shortcomings and recognise the cultural and neurodiversity requirements to progress forward.

Did you ever have a mentor or someone who was pivotal in your career?

I have been fortunate enough to have had a number of formal and informal career mentors over the past two decades. The best mentoring comes from a position of self-awareness and the recognition, and emotional intelligence, to introspectively challenge your own thinking.

In working for good leaders, they positively encouraged diversity of thought and therefore when I started moving into more senior managerial roles, I recognised the benefits of seeking mentoring, and still count on a few key people for advice today. It is also a great opportunity to give back and pay forward your experiences.

In my personal view, while I am a global managing director, my key role is the stewardship of that business and its employees. That requires me to leave the business in a better place than I inherited it and ready it with the future talent to take it further forward.

What books have you read that you would recommend?

Three books immediately spring to mind:

  • The Trusted Advisor by Robert M Galford – a must for anyone in professional services
  • Information Security: A Strategic Approach by Vincent LeVeque, which is a great guide for cybersecurity professionals looking to elevate beyond the technology into the business aspects of information security
  • Hit Refresh by Satya Nadella, which reminds us all of the fragility of life and the need to maintain a healthy work-life balance
What are the essential tools and resources that get you through the working week?

There are three essential tools – coffee, effective diary management and my great team. The blend of all three allows me to keep focused on what I need to do and trust that activities that can be delegated will be delivered upon successfully.

­­­­­­­­­Want stories like this and more direct to your inbox? Sign up for Tech Trends, Silicon Republic’s weekly digest of need-to-know tech news.