Meet the expert: Paul Bedford to speak at PrivSec London

Live at Parc Plaza, Riverbank in London on February 28 and March 1, PrivSec London gives global audiences the chance to learn more about Trust, Digital Transformation, Ethics, Data Protection, Privacy, Security and much more.

The event will also provide a unique opportunity for industry professionals to network with peers and develop business relationships. 

A passionate cyber security consultant with more than two decades’ frontline experience in IT, Paul Bedford has been delivering critical security systems to retail organisations for the past five years.

Paul will appear exclusively at PrivSec London to discuss hybrid working, and how organisations can develop hybrid strategies in a way that promotes cyber resilience.

We caught up with Paul for more on his career so far, and for an introduction to the themes on the table at his PrivSec London session.

Could you briefly outline your professional journey to date?

I started my career as a nerdy programmer wanting to make a million from creating an addictive computer game. Alas I never achieved that goal, so I got a job as a coder. 

From there I became a Development Team Leader, Project Manager and then took a sideways step to become a Business Analyst. 

The projects I worked on grew in size and budget and I found myself working for huge corporations on major programmes of work. Cyber Security was often looked at as an annoyance, but things changed rapidly after a few major breaches occurred and legislation was tightened up. 

I realised that I had a passion for keeping information secure and that it was a massive growth industry. For the past five years Cyber and Information Security have been my daily delight. I’ve worked with loads of companies, but the recent highlights are: Burberry, Shell, HSBC, RWE Npower, NFU Mutual, HMRC and Cap Gemini.

Could you summarise the implications that hybrid working has had / is having on cyber resilience?

Hybrid working has added a big layer of complexity to organisations’ security. For most companies, the move to home working was done extremely rapidly. When such a massive undertaking is rushed to help a business survive, then there’s going to be gaps. 

Going from a workforce that was mostly in the office, logging in securely inside a nice set of security controls, where all devices were updated regularly and protected, to a distributed workforce where control of updates has been difficult, people are using their own devices, they may be logging into dodgy Wi-Fi routers and so on. It’s a huge change.

In brief: Cyber resilience has suffered for sure. Most companies seem to be playing catch up, and some companies are burying their head in the sand and hoping nothing bad happens, which is not a good strategy.

What challenges do organisations face as they push to keep data and systems secure in a hybrid working environment?

Organisations are facing two major issues: the first is putting in layers of technical protection that secures their devices and data outside of their internal firewalls. 

Boundaries used to be very clear, but with home working and data being stored in the Cloud, it’s now a much more difficult exercise. 

The second is the Human Firewall: creating a culture of “Security First” amongst their employees. This is about fostering behaviours that lead to making data more secure and reducing risk through education.