Meet the expert: Luke O’Brien to speak at PrivSec London

Live at Parc Plaza, Riverbank in London on February 28 and March 1, PrivSec London gives global audiences the chance to learn more about Trust, Digital Transformation, Ethics, Data Protection, Privacy, Security and much more.

The event will also provide a unique opportunity for industry professionals to network with peers and develop business relationships.

Luke O’Brien is Cyber Security Operations Manager at easyJet, and leverages over a decade’s experience in government, defence and aviation. He currently leads the security operations team at easyJet, providing cyber assurance to 200,000 passengers on 1,500 flights every day.

Passionate about inspiring the next generation, Luke is an active STEM ambassador and won the 2020 Cyber Volunteer of the year award at the National Cyber Awards. 

Luke will appear exclusively at PrivSec London to discuss ways in which businesses can develop a strong Data Protection and Privacy culture.

We caught up with Luke for more on his career so far, and for an introduction to the themes on the table at his PrivSec London session.

Could you outline your professional journey to date?

I served in the RAF for 12 years, specialising in cyber security. I ran the SOC for the UK Ministry of Defence for three years, covering the period including the Salisbury poisonings and the initial months of the COVID pandemic. 

I then moved to RAF HQ and in my final few months led the cyber defence planning for NATO missions in Eastern Europe at the beginning of the Ukraine crisis in 2022. 

I’ve been at easyJet since last May and have helped improve cyber resilience as the travel industry returns to normal post pandemic.

What does it mean to have a good culture of Data Protection and Security in an organisation?

A security culture must be part of a company’s overarching culture, so must be aligned to the business’ priorities and needs. Having a good culture is like oxygen, you don’t notice it when it is there but it’s very hard to get anything done without it! 

One thing I learned as an engineer in the Royal Air Force was the importance of a “just culture”. The NCSC uses this as part of their cultural awareness training too. This means that people will not be penalised for raising issues but instead rewarded and encouraged.

How does having a good DP&S culture impact on the bottom line?

Having a strong security culture means that your business is resilient to risks posed by cyber threats. The tangible financial benefits are clear here, the average cost of a cyber breach is $4.35million according to IBM so reducing the probability of that loss is absolutely essential. 

But on the softer side, having a general culture of openness and transparency means that employees feel safe to share their issues and ideas – this generally results in higher morale and productivity.

Could you highlight three key steps should organisations take to improve their DP&S culture?

1. Leadership is essential. Having leaders visibly buy in to security initiatives mean that the message cascades from the top down, especially when leaders practice what they preach.
2. Culture is dependent on people, so focusing on them is vital. A compliance or tick box approach just won’t work.
3. I’ve mentioned just culture before. Ensuring your policies are fair and logical means people will buy into them and work with them. There is no threat actor more determined than a good employee trying to do their job! Taking the attitude of security as an enabler not a blocker will pay dividends.