The winner of the Chief Security/Information Security Officer of the Year (2016), NCI Agency Chief of Cyber Security Ian West provided an interview for the Agency magazine on what makes a great cyber leader.
Both you and your team were nominated for the prestigious SC Awards 2016 Europe. It is quite a compliment, were you surprised?
SC Magazine is probably the leading cyber security publication in the world, it represents all aspects of the cyber security spectrum and is relevant to all organizations, from Industry to governments and academia.
So to find out first of all that I'd been nominated for this [Chief Security/Information Security Officer] award was quite a shock, and a very pleasant shock.
It's quite an accolade, and clearly not just for myself not just for myself but it is also a validation that what we do in NATO is being recognized and is seen as being successful, and it is clearly important.
Then we were told a little bit later that the cyber security team had been nominated for an award as well, that was more important to me, because there are 200 people who are doing a great job – and it's not just the people in the cyber security service line, we are supported by a whole range of folks from other parts of the Agency.
So winning these awards was incredibly important not just for those of us involved but to NATO as a whole. It really is that significant because when I talk about the team, everything that we do is guided by the [NATO Member] Nations. And the Nations over the years have shown supreme commitment to cyber defence with lots of initiatives at every Summit. It is a very big NATO team.
The recognition is made all the more special because the Awards were judged not just by SC Magazine, there was a panel with 25 experts from academia, Industry and government organizations so it's a huge honour and a great privilege to be a part of it.
What does it take to be a great cyber leader?
There is a phrase: 'From server room to boardroom." And basically what this means is that you can be the best technician anywhere, but if you cannot explain to the boardroom why they need cyber security, then you are probably not going to be successful.
So the really important thing is engagement and communication with and across the whole organization to talk to our boardroom. It is really important to facilitate this interaction.
The other thing that we've learned is that nobody has the entire solution for cyber security, everybody has a piece of the jigsaw.
Of course, NATO has recognized this, you've got to work together, it's got to be a collective effort. That's why we work very closely with our Allies, our Partners, Industry and Academia, as well as the EU. Working together really does enhance our collective cyber defence.
By the way, in February 2016, we signed the first formal agreement between NATO and the EU for years. It was signed between the NATO Computer Incident Response Capability (NCIRC) which of course is part of the Agency, and the Computer Emergency Response Team – European Union (CERT-EU). There is a lot of commonality between the EU and NATO, particularly as we use similar technology and face the same cyber threats, so working together for the common goal is a win-win situation for us.
A cyber security leader must understand not just the importance of cyber security itself but how it should work within an organization and even globally.