In our latest reader-submitted Q&A, Lluis Mora talks about the importance of product design, customer experience and trust
What is your full job title?
Chief Security Officer at Entain Group
Which industry do you work in? How long have you worked in the industry?
I work in information security and cybersecurity. I have been in this industry for more than 20 years, starting my career back in 1999.
How long have you worked in your current role?
I was appointed in July 2020 as Chief Security Officer for Entain Group. However, I have been involved in the Group since 2007, having previously worked at PartyGaming, an Entain-owned brand, now known as Bwin Party Digital Entertainment. In my role at PartyGaming, I played a significant role in leading and growing the cybersecurity culture at Entain Group.
How did you get into your current role?
Just after going public, Entain Group was growing exponentially and there was already a perception that trust was one of the unique selling points of our products, with a small cybersecurity team already in place. Prior to being involved with the Group, I worked at a boutique cybersecurity consultancy firm and was approached by a colleague at what was known back then as PartyGaming, to see if I could bolster its cybersecurity efforts. With customer trust remaining a constant goal at our organisation, we have been growing the cybersecurity team ever since.”
What does a typical day look like?
“There is never a typical day in the cybersecurity world! Most of my days are spent having conversations with business owners about the unique threats and risks to their areas and products, so that together we can take the correct informed decision on how to address those risks. This input keeps us aligned with the business and helps us to shape cybersecurity at the organisation, which ultimately contributes to the trust that our customers put into Entain.
We have a three-year cybersecurity strategy, which helps the Group to stay ahead of the curve and remain in a position of enablers to businesses, rather than blockers, so roughly half of our time is devoted to executing our long-term initiatives.
“Sports betting, gambling and gaming are highly-regulated, and we spend a substantial amount of our time in external audits from the various jurisdictions where we operate. At any given time, we are undergoing at least two to three audits, with their corresponding security assessments and penetration tests.
Of course, cybersecurity will be nothing without unexpected issues and incidents, so a variable chunk of my time goes into reviewing the current status of issues, speaking with the teams engaged in resolving the incidents, and reporting as necessary to the executive team and the board on ‘hot topics’ that require a cybersecurity steer.
“When I have some time left in my day, I spend it trying to keep abreast with the threat landscape and developments in cybersecurity. After all, our world moves fast, but cybersecurity moves faster.”
What is your greatest achievement so far?
“My biggest achievement so far is putting together a very strong cybersecurity team. No matter where your expertise lies – whether its auditing, GRC (governance, risk and compliance), IT, application security, security testing, incident response and consultancy – no single person can be the best in all areas of cybersecurity. It is therefore important to bring together a strong and resilient team of individuals; giving them ownership of their areas and empowering them to make decisions. This not only helps them to grow as individuals and professionals, but it ultimately pushes the boundaries of cybersecurity at Entain.
“However, none of this will be possible without catching up regularly with the team, having two-way conversations with them to ensure they are happy and remain motivated, as well as detecting and addressing burnout before it settles. This has never been so important, as the recent lockdowns have made people feel more isolated from each other. It is crucial that we are able to keep up the team spirit and dedicate enough time to the people behind the roles.”
What is the most challenging thing about your role?
“The most challenging aspect of my role is trying to predict the future. Cybersecurity threats evolve on a regular basis, so we need to be one step ahead of the threat actors, trying to understand what motivates them and how to stop them from achieving their goals.
“To overcome this issue, we have built a solid cybersecurity programme, anchored on regular risk assessments, a catalogue of security controls that we systematically apply, and near real-time visibility on how each control contributes to our business. This helps us to prioritise our resources, make the best use of our time and deliver security where it makes the most impact.”
What part of your role do you enjoy the most?
“Working in the sports betting and gaming industry, the part of my role I enjoy the most is the uniqueness of the solutions and challenges we face as an organisation. Every day, Entain Group is faced with unique challenges that very few organisations have to address. To combat this, we have built a strong team and technology behind us.
“Another aspect of my role I enjoy is working with my colleagues, as we are always learning together as a team. Cybersecurity is an extremely fast-moving industry and Entain Group has hired good people and professionals at the top of their game. Adding to that, Entain has fostered a culture of entrepreneurship, encouraging everyone to not be afraid of bringing their ideas to the table.”
How do you see your role/industry changing in the next few years?
“The cybersecurity industry has evolved significantly in recent years, moving from an IT concern to that of the wider business. In the future, we will continue to see this change in perception within companies and cybersecurity will become the number one risk for many organisations. It is therefore critical that the industry continues to enhance, for example, its product design, the customer experience, and the trust of customers and shareholders, to accelerate cybersecurity in the next few years.”
Would you recommend working in this role? Please give your reasons.
“I would absolutely recommend working in a cybersecurity role. Some industries can be quite static – but not cybersecurity. Every day is completely different, and we have to move fast as an organisation, which is exciting to be a part of.”
Do you work in privacy, security or data protection? Don’t miss the chance to feature in one of PrivSec Report’s regular job focus Q&As.
We are looking for people who work in privacy, security and data protection roles and those who work in related legal and regulatory fields across a range of industries to tell us about their everyday job.
Just fill in our short Q&A (see questions below) and submit a photograph to be considered for inclusion. We want to feature people of all levels of seniority.
If you want to take part, email Carl Brown at carl@grcworldforums.com
No comments yet