As the cybersecurity wars rage and the threats mount, organisations need to focus on security culture, says Vodafone Ireland’s Edel Briody.
Edel Briody is the head of corporate security, risk and compliance at Vodafone, and has worked there for four years.
With almost 20 years of security experience, mostly working in the telecoms industry, her current role gives her insight into threats, challenges and opportunities in new technologies, new legal frameworks and new ways of working.
‘Security is at the heart of how we work in Vodafone’
– EDEL BRIODY
During her career, Briody has successfully led transformational programmes that afford businesses an opportunity to improve baselines and build new talent capability. She is passionate about providing solutions to the many security challenges faced, be that in our professional or personal lives.
Tell me about your own role and your responsibilities in driving tech strategy.
I’ve a broad role here in Vodafone and that, coupled with the rapidly changing security landscape, provides me with a very exciting and challenging job. I get to work with every function across the business, supporting and advising on cybersecurity, risk or compliance matters, including transformational programmes, new products/services and new innovations.
The focus on GDPR means that security is at the heart of how we work in Vodafone. Customer trust underpins our strategy, and securing personal data is one of our top priorities.
Are you spearheading any major product/IT initiatives you can tell us about?
Everyone knows how important security, and in particular technical security, controls are. My view is that we need to focus even more now on security culture and keeping up with the threat landscape. I place a lot of emphasis on security culture and embedding it within an organisation. Our recent Cyber Ready Barometer highlighted that the more cyber-ready a business becomes, the better its overall business outcomes. The barometer found that 48pc of cyber-ready businesses surveyed globally reported more than 5pc increases in annual revenue as well as high stakeholder trust levels.
At Vodafone, we invest in building a healthy security culture, making it engaging, interactive and connecting it to personal lives. I think by simplifying security messages – and let’s be honest, some security intelligence can be difficult to grasp – we will foster change and better security. In my experience, people want to help and ‘do what’s right’.
We run lots of security campaigns in Vodafone, some face-to-face, some digital and some by gamification. We listen to what works best in each area and interact with the business on a daily basis.
How big is your team? Do you outsource where possible?
I have a big team and we never stand still! In general, security has a higher profile than in the past and it is critical that we have the right talent.
We do offshore some 24/7 security processes in Vodafone – this is one of the benefits of working for a large global company – but I think it is important to highlight how much things have changed. 20 years ago when I started my career, security teams worked in back offices. It is different today and we tend to sit within the business, working closely with them. These days, we are much more in the business of change management rather than enforcement.
What are your thoughts on digital transformation and how are you addressing it?
This is where it gets interesting for a security professional. I have to admit that I predicted more challenges than opportunities at first; however, roll the clock forward and I’ve really embraced how security is such a vital part of digital transformation.
Yes, we have to learn to get the balance right but more so than ever, it is so important that security is an integral part of new digital ways of working. Organisations need to understand the basics, build them into design, equip employees with the security basics and offer support from the security professionals.
An example of where I have really seen this make a difference is with the ISPCC. Since 2016, the Vodafone Ireland Foundation has had a strategic partnership with ISPCC’s Childline in sharing the joint vision of working towards ‘keeping children safe by keeping them connected’. As a member of the ISPCC’S online safety advisory group focusing on children’s cyber safety, we are rolling out these practices to the benefit of the organisation and the thousands of children the ISPCC works with every year.
There is a balancing act in keeping up the pace of innovation and protecting critical assets but I believe if you start with your critical assets and educating the entire business on security basics, it will make a big difference to the digital transformation journey.
What big tech trends do you believe are changing the world and your industry specifically?
I think mobility and new ways of working have changed rapidly. How we work now versus a few years ago is very different. The digital evolution is moving at pace, changing and connecting the way we work, live and communicate.
The adoption of smart working, which means empowering employees to work in an agile way, whether from home, a hub or hybrid model, is becoming more widespread. Companies of all sizes see it as a way to attract and retain talent but they’re also beginning to realise the benefits it can bring in terms of cost reduction and increased productivity.
I have a long daily commute and enjoy the benefits of increased mobility and the smart working practices adopted by Vodafone in relation to measurement on output, rather than presentism. That said, at Vodafone we also invest in protecting our people and our assets. We run simple campaigns for our employees, communicating security messages in a simple way.
In terms of security, what are your thoughts on how we can better protect data?
For me, start with the security basics, and in particular ingrain the concept that security belongs to everyone. Create simple steps that people can remember, both in a professional and private capacity. Get yourself in front of the business; move away from seeing security as a support function. Security should take precedence.
Second, invest in security culture – you can never do enough training! Be creative in awareness campaigns to ensure that they organically become part of the culture, and measure how effective the campaigns are.
In terms of cyber, continue to invest in cyber-defence organisations and track security baseline controls at a senior level in the organisation.
And, last but not least, build relationships and get to know people in the business. Employees are likely to be more engaged, and workplace trust is key to any successful organisation.
Want stories like this and more direct to your inbox? Sign up for Tech Trends, Silicon Republic’s weekly digest of need-to-know tech news.