We sat down with Iain Dickson from Leidos to talk about why communication is key in cyber security.
Systems and management
All organisations need cyber security to deliver their outcomes safely within the interconnected world of today.
Organisations often hold personal and financial information they need to keep safe. And with 4.6 billion people online, doing trillions of transactions every day, there’s no one-size-fits-all for cyber security.
So they turn to cyber security professionals, like Iain Dickson from Leidos Australia, for advice about securing their organisations.
Following the creative path
Iain started his career in Adelaide as a software engineer. Backed with a physics and computer science degree, as well as a teaching degree, he created tools to enable cyber security in the public service.
On moving into the Department of Defence Security Operations Centre in 2017, he found access to a community and career options in cyber within Canberra that would feed his scientific curiosity.
‘Originally, I was taken by all the technical problems that I could solve,’ Iain says.
‘But now I see cyber as people, process and technology. There are cyber security problems that aren't just about the technical problem.
‘So, now when I develop solutions, I think about how I could make something difficult to hack into? How could I make it so that people can deal with that situation? How do I put processes in place so that I don't introduce vulnerabilities?
‘And how do I bring 3 things – the people, process and technology) – together?’
A gift for communicating
Iain’s now the Cyber Practice Lead for Leidos Australia. Federal Government agencies provide requirements for solutions to companies like Leidos, and the company then comes to Iain for cyber solutions to secure those solutions.
His role is somewhat of a ‘security unicorn’ or consultant within his organisation. He’s responsible for providing advice on all matters cyber security. This could be giving information on cyber threats or vulnerabilities, or developing new secure systems.
He develops organisations with the right team structures for ongoing security management, including training, and architects security platform solutions for varying client needs and to assist Leidos in delivering overall business outcomes.
Iain’s strength in communication and his teaching qualification help him every day.
‘I might be talking to a technical person one day and focusing very much on the technical detail. Then I may need to translate that to a senior (manager), like my boss who’s a Vice President,’ says Iain.
‘I need to be able to transition the information from the really technical in depth piece, but also then tell him “what is the most important things that I need to know”.’
Communication skills are being recognised as an important ability to work well in cyber security. Iain says it’s something he and Leidos look for in new recruits.
‘We look for an ability to write and communicate well. It’s incredibly important for cybersecurity professionals to be able to communicate what they're seeing.
‘The era of “I'm a technical person – I don't do communication or write papers” is over.’
Enabling businesses to do their job well
Iain refers to working in cyber security as being an enabler for an organisation. Cyber security solutions must never stop a business or organisation from doing its job.
‘For example, a financial company may disable macros because there's a particular piece of government advice that says they shouldn't. So they disable them, but it prevents the entire business from doing its job,’ he says.
‘As a security person, you fail if you don’t enable the business. Your whole job is to enable the business to do its job in a secure manner, not to just make the business secure.’
One week Iain might develop a security operation centre, designed to detect if someone breaks into a system, find where they are, and kick them out and remediate the network. Another week he might be supporting DevSecOps – developing secure code for a customer so that the software they use is secure to start with. He might be building risk and compliance strategies, or designing solutions to enable securing a network or platform.
His knowledge on emerging technologies and advice is much needed and highly regarded.
‘I'm very collaborative with all our clients,’ Iain says.
‘If they’ve asked for something, and I don't think that's the right option, I look at what we can actually give them the value that they require.
‘It's not about security just for the sake of it. It's about delivering meaningful outcomes that they can use to protect their organisation in the future.’
A community of support
Iain thrives on being part of a like-minded community in Canberra. When the COVID-19 pandemic hit, it was important to him that the community stayed connected.
‘Canberra's got a lot of good things when it comes to the cyber security industry in general, and there's a really good, thriving cyber security community of people,’ he says.
‘If you meet someone in cybersecurity and Canberra, they know everybody else. It’s very supportive with lots of good events and opportunities for careers.’
To stay connected during the pandemic, Iain and a group of other cyber professionals set up an online conference, which has turned into an ongoing online support group.
‘It’s an online forum with people working together, solving problems and supporting each other, not just cybersecurity, but also in those areas that are very relevant,’ Iain explains.
Iain says the online community has been a great place to support mental health in the industry.
‘Being able to support people through what is a very stressful career is something that has been very important to me. And the community has been one of those ways to do that.’