ISACA Journal
Volume 6, 2,016 


The Network 

Marcus Chambers, CISM, CGEIT, CEng 

What is the biggest security challenge that will be faced in 2017? How should it be addressed?

Enforcing international law against cybercriminals who operate across international boundaries. Ensuring it is safe to operate online in an international, rule-based system where the laws apply to all remains the enduring challenge.

What are your three goals for 2017?

  • Complete my third and final Masters degree, an MSc in information security
  • Learn to play the guitar (after the summer MSc exams)
  • Do a handstand push-up (see the final question!)

What is your favorite blog?

  • Krebs on Security
  • US National Institute for Standards and Technology’s (NIST) security updates
  • The Wall Street Journal and the Financial Times’ technology articles

What is on your desk right now?

My water bottle, MacBook Air and A5 Bullet Journal notebook

What is your number-one piece of advice for other information security professionals?

Get the basics right and everything else follows.

What is your favorite benefit of your ISACA membership?

Access to the research materials, frameworks and white papers

What do you do when you are not at work?

I read as widely as possible, military and political history as well as a wide range of fiction, and I love to exercise. Recently, I have become a CrossFit addict, but I try not to talk about it!

Question How do you think the role of the information security professional is changing or has changed?

Answer We are now able to base investment decisions on evidence from events that have occurred. Clients often ask if they are spending too much or too little money in comparison to their industry peers, and we can now generate a benchmark of spend across different industries to inform clients’ balance of investment decisions in a way not previously possible, as information security was not considered of sufficient importance to warrant its own budget.

The proliferation of technology means more people are able to understand our challenges. It will become easier to translate threats and risk using a common lexicon and thereby more effectively gain buy-in, understanding and compliance from people across an entire organization. I think we will see increasing benefit from our ability to work together, across multiple sectors, sharing information on threats and on how different organizations in different industries and potentially in different countries have responded.

Question How do you see the roles of information security and, specifically cyber security, changing in the long term?

Answer I think we will see a greater interest from the general public in keeping their personal information secure. Now, if people are asked for their personal details, even if they are just registering with, for example, a new dentist or a social group, they are likely to ask: “If I pass my personal information to you, are you able to guarantee its security?” I think more consumers should ask this question whenever they are asked for their name, address and date of birth.

Question How have the certifications you have attained advanced or enhanced your career? What certifications do you look for when recruiting new members of your team?

Answer I would not have gotten my current role without the Certified Information Security Manager (CISM) certification and I am proud to have a qualification that is so widely recognized.

The main certifications I look for are the CISM or CISSP qualifications, and most information security job specifications will detail either of those two as being mandatory. I also look for an interest in the profession and a keenness to learn, to stay abreast of current topics and understand the context in which we are operating. It is important to be able to relate security issues to risk, so suitable qualifications such as Certified in Risk and Information Systems Control (CRISC) are also highly regarded.

Question What do you think are the most effective ways to address the cyber security skills gap?

Answer This is a complex problem and it will take time to address. In the UK, we are doing more by teaching coding in school and promoting science, technology, engineering and mathematics (STEM), but it will take some years for the fruits of these labors to be realized. In the shorter term, we need to broaden our recruitment base to ensure greater gender parity and we also need to make certifications more accessible to those who are new to the industry. ISACA is doing good work here with the Cybersecurity Fundamentals Certificate.

Question The UK is widely considered the cyber security hub of Europe with the largest talent pool of cyberprofessionals. What do you think the long-term impact of Brexit will be on European and global cyber security?

Answer The UK is currently solidly entrenched as a primary hub for the international business community and has also yet to invoke Article 50, meaning the short- to medium-term impact is likely to be low. There is a potential risk to longer-term cyber security cooperation with the EU, although obstacles here would be in no one’s interest.

In terms of the UK’s position in Europe, a relevant example is the planned introduction of the EU’s General Data Protection Regulation, which will still affect UK-based organizations that handle EU data post-Brexit. If the UK does not enact a similar act under UK legislation (concerning data held within the UK for UK citizens), I fear the UK may lose out if its data protection standards are perceived to be lower than those of EU countries. Levels of data privacy and security are valid concerns and consumers may choose the best location to have their data stored, or the most customer-friendly regime within which to operate. The UK must remain the optimum choice in this marketplace.

Question You have considerable military experience. What role do you think the military will play in combating the threats of cyberterrorism and cyberwarfare?

Answer Cyberwarfare, or at least state-on-state cyberinterferences, have already taken place, and I have no doubt that Western militaries are working with other government bodies to share information to ensure an appropriate level of protection. Conventional Western militaries are very good at using existing frameworks, such as the North Atlantic Treaty Organization (NATO), for increased international cooperation and threat deterrence. The use of international organizations as a vehicle for greater cooperation should act as an exemplar for commercial and nonstate bodies to work together to combat threats, share information and learn from each other.

Question What has been your biggest workplace or career challenge and how did you face it?

Answer My transition from the military was a significant challenge. To overcome the challenge, I took advice from colleagues who had left the military before me, I networked and I ensured that I had appropriate qualifications to showcase my skill set. I made the challenge a little harder as I wanted to break into the commercial world, rather than work in the defense or public sector with which I was more familiar, but I am very happy with the result, have learned a tremendous amount and I enjoy each day’s new challenges.


Add Comments

Recent Comments

Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and from opinions endorsed by authors’ employers or the editors of the Journal. The ISACA Journal does not attest to the originality of authors’ content.