We are very happy to announce that easyJet Cyber Security Chief Luke O’Brien will be speaking at PrivSec London, next week.

Luke O’Brien Headshot

Live at Parc Plaza, Riverbank in London on February 28 and March 1, PrivSec London gives global audiences the chance to learn more about Trust, Digital Transformation, Ethics, Data Protection, Privacy, Security and much more.

The event will also provide a unique opportunity for industry professionals to network with peers and develop business relationships.

Luke O’Brien is Cyber Security Operations Manager at easyJet, and leverages over a decade’s experience in government, defence and aviation. He currently leads the security operations team at easyJet, providing cyber assurance to 200,000 passengers on 1,500 flights every day.

Passionate about inspiring the next generation, Luke is an active STEM ambassador and won the 2020 Cyber Volunteer of the year award at the National Cyber Awards. 

Luke will appear exclusively at PrivSec London to discuss ways in which businesses can develop a strong Data Protection and Privacy culture.

We caught up with Luke for more on his career so far, and for an introduction to the themes on the table at his PrivSec London session.

Could you outline your professional journey to date?

I served in the RAF for 12 years, specialising in cyber security. I ran the SOC for the UK Ministry of Defence for three years, covering the period including the Salisbury poisonings and the initial months of the COVID pandemic. 

I then moved to RAF HQ and in my final few months led the cyber defence planning for NATO missions in Eastern Europe at the beginning of the Ukraine crisis in 2022. 

I’ve been at easyJet since last May and have helped improve cyber resilience as the travel industry returns to normal post pandemic.

What does it mean to have a good culture of Data Protection and Security in an organisation?

A security culture must be part of a company’s overarching culture, so must be aligned to the business’ priorities and needs. Having a good culture is like oxygen, you don’t notice it when it is there but it’s very hard to get anything done without it! 

One thing I learned as an engineer in the Royal Air Force was the importance of a “just culture”. The NCSC uses this as part of their cultural awareness training too. This means that people will not be penalised for raising issues but instead rewarded and encouraged.

How does having a good DP&S culture impact on the bottom line?

Having a strong security culture means that your business is resilient to risks posed by cyber threats. The tangible financial benefits are clear here, the average cost of a cyber breach is $4.35million according to IBM so reducing the probability of that loss is absolutely essential. 

But on the softer side, having a general culture of openness and transparency means that employees feel safe to share their issues and ideas – this generally results in higher morale and productivity.

Could you highlight three key steps should organisations take to improve their DP&S culture?

  1. Leadership is essential. Having leaders visibly buy in to security initiatives mean that the message cascades from the top down, especially when leaders practice what they preach.
  2. Culture is dependent on people, so focusing on them is vital. A compliance or tick box approach just won’t work.
  3. I’ve mentioned just culture before. Ensuring your policies are fair and logical means people will buy into them and work with them. There is no threat actor more determined than a good employee trying to do their job! Taking the attitude of security as an enabler not a blocker will pay dividends.

Don’t miss Luke O’Brien exploring these issues in depth at PrivSec London in his session, “Strategic Business Decisions to Implement a Data Protection and Security Culture”.

The session sits within a two-day agenda of insight and guidance at PrivSec London, taking place at Park Plaza, Riverfront in London on February 28 and March 1.

The event brings together thought leaders and senior industry professionals to help you understand more about Trust, Digital Transformation, Ethics, Data Protection, Privacy and Security challenges. 

Content is delivered through keynotes, presentations and panel discussions.

 Location: Privacy Theatre

 Session: “Strategic Business Decisions to Implement a Data Protection and Security Culture”

 Time: 10:00am – 10:40am GMT

 Date: Tuesday 28th February

PrivSec London is also available on-demand for global viewing.

Click here to book your place at PrivSec London

PrivSec London logo