Featured - Q&A: Rob Norris - VP Head of Enterprise & Cyber Security EMEIA at Fujitsu
We sat down with Rob Norris, VP Head of Enterprise & Cyber Security EMEIA at Fujitsu, to gain valuable insights into Fujitsu and his thoughts on the current cyber security landscape.
Rob is responsible for Fujitsu’s Cyber Security business across EMEIA, leading a business that develops and delivers offerings in order to keep pace with the company and societal challenges created by malware and hackers, as technologies continue to change. In this role, Rob is responsible for over 400 dedicated security specialists.
What made you embark upon a career in cyber security?
"I started my career in IT as a Field Service engineer with DEC, fixing some of the very first PCs like the IBM XT/AT and Compaq Deskpro, which was more like a suitcase than a PC. Over the years I then moved into managing service delivery teams, and when researching organisations that won business against us, I came across unheard-of organisations like E-soft global (renamed Vistorm) that were delivering new services that I had not heard of before, e.g. ASP (Application Service Provider) Services, or Cloud Services as we know them today.
With curiosity getting the better of me I joined a Dotcom start-up called Vistorm who had built allegedly “the world’s best ASP platform”. When the ASP bubble burst as the technology or customers were not quite ready for it, we quickly turned the company into a Security and Thin client organisation as we quickly worked out everyone needed a Firewall, Anti-virus and endpoint protection, whilst they wanted to access their desktop securely from anywhere. Vistorm was subsequently sold to EDS and was the bedrock for HP Security services in the UK, whilst I left to train for and run the New York Marathon, then joined Fujitsu to help build the Security business."
What areas are most organisations falling short in preparing for potential threats to IT security?
"Organisations used to think that it will always happen to someone else and not to them, so, over the years, organisations had the mindset to build strong defences like Firewalls and Anti-virus just once. With the volume and sophistication of attacks increasing at such a pace, organisations now realise that they need to be constantly vigilant to ensure that they are prepared to detect and respond appropriately to threats. Doing this means that organisations now need to take a security-by-design approach which builds security into the technology, processes and culture of an organisation rather than buying a stand-alone solution to solve a specific problem."
What are the major considerations that CIOs should be making when looking at investment into IT security?
"There are many things to consider when thinking about investing in your IT Security, but two key ones stand out right now. Firstly, Automation and Intelligence – the most effective way to protect your organisation is to quickly identify and prioritise the threats you see and then deal with the critical ones. Investing in some of the automation technologies we are starting to see can help your people prioritise threats, and some technologies can even deal with those threats leaving your people to focus on the critical issues.
The second consideration for CIOs is linked to the first; the people dealing with those threats are still one of your greatest assets. It’s well documented that there is a skills shortage in the IT security industry and there are only two ways to address that; you can either invest in training your people up, or you can choose to take on expert help from organisations that can offer this expertise. Either way, you need the experts to be able to protect your business effectively."
Does IoT and the continuous advancement in smart devices make it more complicated to protect consumers and businesses?
"Yes it does. The proliferation of smart, connected devices that hold and transmit data, whilst also having privileged access to other data and systems opens up a much wider playing field for threat actors. We as consumers all hold data on our smartphones that we would not want to have stolen, and yet many of us are not that discerning about which wifi networks and Bluetooth connections we use in public. What’s more, even the most innocent of devices can now be used by attackers as part of their cyberattacks, such as internet connected CCTV cameras being used to mount a DDoS (Distributed Denial of Service) attack."
What significant changes do you see occurring within the cyber security market over the next five years?
"The rapid evolution of threats that I mentioned earlier is going to continue to drive an arms race in the cyber security space and we see this driving the progress of artificial intelligence tools to detect and respond to threats. The promise of AI has the potential to provide tools that can learn to detect even the subtlest of behaviours before they become a problem and shut the threats down much quicker."
With the skills gap growing year after year and reported to grow to 2.2 million worldwide vacancies by 2020, what do Fujitsu do to attract and retain the best cyber talent?
"I’m proud to say that we have some of the industry’s best people already working at Fujitsu and that brings its own halo effect. People want to work with the best people and so the calibre of people that are already part of the team is a real draw for potential recruits. But, we also have a culture of pushing for the best as well – we use best of breed tools and technologies to serve our customers and we constantly work to keep up with what’s going on in the space so we can say that we are at the leading edge, and that keeps the team motivated and makes us an attractive place to work.
However, just attracting and retaining the best existing talent isn’t enough. We have seen this skills gap problem ourselves and have been pivotal working with the UK Technical colleges to launch a new Cyber Security Council that has brought together our partners and our competitors to address the shortage by committing resources to University Technical Colleges (UTCs) across the country to provide cyber security training. The aim is to have 500 students come out of UTCs every year in the next few years, being better prepared to help UK PLC detect threats and defend organisations from attack. Interestingly, the week after we helped launch the Cyber Security Council, we saw that the Defence Secretary announced a Cyber Cadet scheme which goes to show that addressing this skills gap is not just a priority for organisations, but for the country as a whole."
What things are not commonly known about Fujitsu Cyber Security?
"We’re the 5th largest security services provider in the world, and although our Cyber Security division has not been in existence for that long, we have been keeping datacentres across the world safe for over 40 years. We have 2,000 security professionals across the world and some strong ambitions to grow that over the next few years. We’re also being recognised by the analysts as a contender in the industry, thanks to a strong portfolio of offerings that ranges from consulting to fully managed services."
How would you describe a typical day within Fujitsu cyber security?
"Exciting. You always come to work not knowing what may or may not happen. There’s no typical day in our industry, that’s what makes it so exciting. One thing I can rely on to stay consistent is the professionalism of my teams as they protect our customers. You can see a typical day in the life of our SOC in this video and what it highlights to me is how the team so efficiently, calmly and effectively deals with threats so that the impact to the customer is kept to an absolute minimum."
With most major IT companies looking to recruit cyber security professionals, what sets Fujitsu apart?
"We talk to our customers about “intelligence led security” and I don’t see many other people talking about that in our industry. That concept is not just about the fact that we use the best threat intelligence tools to protect our customers, but it’s about the fact that we give the best tools to the best people to provide the best result for our customers. We use our human intelligence, and experience, and the insight our tools provide to form an informed picture of what’s going on and then work with our customers to provide what they need. That can be through our consulting services, through our managed service offerings or simply recommending the right point solutions to bolster a customer’s security posture."